Link encyclopedia
Last updated
Going to try to keep this updated.
- Companion videos to the famous book
- Runs PowerShell from DLLs only. It does not require access to powershell.exe because it uses the PowerShell automation DLLs.
- GetSPN and other things
- Empire Introduction from official documentation
- Contains documentation on how to use PowerView
- PowerView tips and tricks from HarmJ0y
- BloodHound node info explanations
- General BloodHound usage guide article
- Mass Mimikatz with AV bypass (questionable)
- Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
- Invoke-Portscan is a module from PowerSploit that can perform port scans similar to Nmap straight from PowerShell.
- Finding local admins in AD
- Article about Kerberos preauthentication
- Project that retrieves crackable hashes from KRB5 AS-REP responses for users who do not have Kerberos preauthentication enabled.
- sshuttle creates an SSH tunnel that works almost just like a VPN
- Using Amazon AWS EC2 for C2
- PowerShell implementation of the dnscat2 client
- dnscat2 can be used from PowerShell to tunnel C2 traffic over DNS and hide C2 activity
- How DNS tunneling works
- SharpShooter can create payloads for many formats like HTA, JS and VBS
- DCShadow, attack technique to create a rogue domain controller
- Ruler can interact with Exchange servers remotely
- Breaking out of AppLocker using advanced techniques
- List of the most well-known AppLocker bypass techniques
- Reference material for securing admin access in AD
- Red forest design is about building an administrative AD environment with security in mind
- Official MSDN ISOs for all OSes
- AutomatedLab is a project for building a lab environment automatically using PowerShell.
- Big article from this book about building a lab using ESXi
- Small article from this book about creating a small lab for practicing things like Responder
- Contains a ton of useful commands for enumeration and exploitation