Stealth

This chapter is about staying stealthy and opsec safe. That means not getting caught by the blue team on engagements.
General
These are some key things we must avoid
Putting files on disk
RDP in to boxes
Trigger pop-ups on desktops
Changing account passwords
Locking out users
Changing group membership of accounts
Changing existing settings and files
Changing GPOs permanently
Messing up Kerberos tickets
Triggering alerts from security products like AV
Killing processes you don't own
Any sort of DOS
Leaving files and tools
Not cleaning up
Using DLLs
​https://pentestlab.blog/tag/rundll32/​
Obfuscating mimikatz
Any sysadmin with half a brain can now write and something to stop most common ways of executing mimikatz. Since we don't want to get caught we could obfuscate Mimikatz numerous ways.
Running to memory either through Powershell or through meterpreter (will probably get you caught)
Changing some basic things that will be triggered by signature, see: https://gist.github.com/imaibou/92feba3455bf173f123fbe50bbe80781​
Veil Pillage
Veil Pillage is a post exploitation tool and a part of the Veil framework intended for staying undetected through obfuscation.
​https://github.com/Veil-Framework/Veil-Pillage​

Last modified 5yr ago