Link encyclopedia
Going to try to keep this updated.
Microsoft

Powershell
Powershell 101
Learn Windows PowerShell in a Month of Lunches (YouTube)
- Companion videos to the well-known book
p3nt4/PowerShdll
- Runs PowerShell using only the System.Management.Automation DLLs, so it does not need access to powershell.exe
nullbind/Powershellery
- Get-SPN and other scripts

Empire
Empire 101
- Empire introduction from the official documentation

Powerview
Powerview repository
- Contains the documentation and usage instructions for PowerView
PowerView-3.0-tricks.ps1
- PowerView tips and tricks from HarmJ0y

Bloodhound
Bloodhound node info
- Explanation of the BloodHound node info fields
Lay of the land with bloodhound
- General BloodHound usage guide

Mimikatz
Lazykats
- Mass Mimikatz with AV bypass (questionable)
Direct link to Invoke-Mimikatz.ps1
Auto dumping domain credentials
eladshamir/Internal-Monologue
- Internal Monologue Attack: retrieving NTLM hashes without touching LSASS

Enumeration
Invoke-Portscan.ps1
- Invoke-Portscan is a PowerSploit module that performs Nmap-style port scans straight from PowerShell
Walking back local admins
- Finding local admins in AD

Kerberos
HarmJ0y - roasting-as-reps
- Article on attacking accounts that do not require Kerberos preauthentication
HarmJ0y/ASREPRoast
- Retrieves crackable hashes from KRB5 AS-REP responses for users that have Kerberos preauthentication disabled (the DONT_REQ_PREAUTH flag in userAccountControl)
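An added example, not code from this page or from the ASREPRoast project: the enumeration step behind AS-REP roasting, written against System.DirectoryServices so it needs neither PowerView nor the ActiveDirectory module. It lists every account with "Do not require Kerberos preauthentication" set and includes the one-line remediation. It assumes a domain-joined session that can reach a domain controller; the function names Get-PreauthDisabledAccount and Remove-PreauthExemption were chosen for this example.

```powershell
# Added example, not code from the page or from the ASREPRoast project.
# Lists accounts whose userAccountControl carries DONT_REQ_PREAUTH (0x400000), the
# precondition for AS-REP roasting, using System.DirectoryServices directly.
# Assumes a domain-joined session that can reach a domain controller.

$DONT_REQ_PREAUTH = 0x400000   # "Do not require Kerberos preauthentication"
$ACCOUNTDISABLE   = 0x2

# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; the bit is interpolated as decimal.
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(userAccountControl:1.2.840.113556.1.4.803:=$DONT_REQ_PREAUTH))"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = $filter
$searcher.PageSize = 1000
[void]$searcher.PropertiesToLoad.AddRange(
    [string[]]@('sAMAccountName', 'userAccountControl', 'pwdLastSet', 'memberOf'))

function Get-PreauthDisabledAccount {
    foreach ($r in $searcher.FindAll()) {
        $uac = [int]$r.Properties['useraccountcontrol'][0]
        [pscustomobject]@{
            SamAccountName = [string]$r.Properties['samaccountname'][0]
            Enabled        = -not ($uac -band $ACCOUNTDISABLE)
            PwdLastSet     = [datetime]::FromFileTime([int64]$r.Properties['pwdlastset'][0])
            # first RDN of each group DN, e.g. "Domain Admins"
            Groups         = ($r.Properties['memberof'] |
                              ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join '; '
        }
    }
}

# Enabled accounts first: those are the ones an attacker can roast right now.
Get-PreauthDisabledAccount | Sort-Object Enabled -Descending | Format-Table -AutoSize

# Remediation (needs write access to the object): clear the flag so preauth is required again.
# Remove-PreauthExemption is a name chosen for this example.
function Remove-PreauthExemption([string]$SamAccountName) {
    $entry = ([adsisearcher]"(sAMAccountName=$SamAccountName)").FindOne().GetDirectoryEntry()
    $uac   = [int]$entry.Properties['userAccountControl'].Value
    $entry.Properties['userAccountControl'].Value = $uac -band (-bnot $DONT_REQ_PREAUTH)
    $entry.CommitChanges()
}
```

The same LDAP filter is what a defender should run on a schedule: any enabled account it returns can be AS-REP roasted by anyone who can talk to a DC, and the resulting $krb5asrep$ strings are cracked offline (hashcat mode 18200), so clear the flag unless a legacy client genuinely needs it and the account has a long random password.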

Tunneling
SShuttle
- sshuttle is a transparent proxy over SSH that behaves almost like a VPN

Command and control (C2)
SANS Pentest Blog
- Using Amazon AWS EC2 for C2
lukebaggett/dnscat2-powershell
- PowerShell implementation of the dnscat2 client
C2 with dnscat2 and powershell
- Using dnscat2 with the PowerShell client to carry C2 traffic over DNS, which is often allowed out of a network even when direct HTTP egress is not
DNS tunneling
- How DNS tunneling works
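An added example, not code from this page, from dnscat2 or from the linked article: the mechanism DNS tunnelling relies on, shown in PowerShell with the encoding side and a detection heuristic together. The zone c2.example.test and the resolver log lines are constructed for the example; no DNS traffic is sent.

```powershell
# Added example, not code from the page, from dnscat2 or from the linked article.
# Shows the mechanism behind DNS tunnelling: outbound data is hex-encoded and split into
# DNS labels under a zone the attacker is authoritative for, so every "lookup" delivers
# a chunk. The zone name and the resolver log lines are constructed; nothing is sent.

$Zone = 'c2.example.test'   # assumed attacker-controlled zone

function ConvertTo-TunnelQueries {
    param([byte[]]$Data, [int]$LabelLength = 30, [int]$LabelsPerName = 2)
    # Hex keeps labels hostname-safe; labels are capped at 63 chars and names at 253,
    # so the stream has to be chunked across several queries.
    $hex    = ($Data | ForEach-Object { $_.ToString('x2') }) -join ''
    $labels = @([regex]::Matches($hex, ".{1,$LabelLength}") | ForEach-Object { $_.Value })
    $names  = @()
    for ($i = 0; $i -lt $labels.Count; $i += $LabelsPerName) {
        $last = [Math]::Min($i + $LabelsPerName, $labels.Count) - 1
        # leading label is a sequence number so the server can reorder retried queries
        $names += ('{0}.{1}.{2}' -f ($i / $LabelsPerName), ($labels[$i..$last] -join '.'), $Zone)
    }
    return $names
}

function ConvertFrom-TunnelQueries {
    param([string[]]$Names)
    $zoneDepth = ($Zone -split '\.').Count
    $hex = ($Names | Sort-Object { [int](($_ -split '\.')[0]) } | ForEach-Object {
        $l = $_ -split '\.'
        $l[1..($l.Count - 1 - $zoneDepth)] -join ''   # strip sequence label and zone
    }) -join ''
    [byte[]]$bytes = for ($i = 0; $i -lt $hex.Length; $i += 2) {
        [Convert]::ToByte($hex.Substring($i, 2), 16)
    }
    return ,$bytes
}

# Constructed payload standing in for an agent check-in
$payload   = [Text.Encoding]::UTF8.GetBytes('whoami => corp\jdoe; hostname => WS042')
$queries   = ConvertTo-TunnelQueries -Data $payload
$queries
$roundtrip = [Text.Encoding]::UTF8.GetString((ConvertFrom-TunnelQueries -Names $queries))
"round-trip ok: $($roundtrip -eq 'whoami => corp\jdoe; hostname => WS042')"

# Detection side: tunnelled names are long and there are many of them per zone.
function Get-SuspiciousZone {
    param([string[]]$QueryNames, [int]$MinQueries = 10, [int]$MinAvgLength = 40)
    $QueryNames | Group-Object { ($_ -split '\.')[-3..-1] -join '.' } | ForEach-Object {
        $avg = ($_.Group | ForEach-Object Length | Measure-Object -Average).Average
        [pscustomobject]@{ Zone = $_.Name; Queries = $_.Count; AvgNameLength = [int]$avg }
    } | Where-Object { $_.Queries -ge $MinQueries -and $_.AvgNameLength -ge $MinAvgLength }
}

# Constructed resolver log: ordinary traffic plus the tunnel beacons repeated
$log = @('www.microsoft.com', 'login.live.com', 'ctldl.windowsupdate.com') * 5 + $queries * 6
Get-SuspiciousZone -QueryNames $log | Format-Table -AutoSize
```

Real tunnels (dnscat2 included) add encryption, session IDs and a downstream channel in TXT or CNAME answers, but the detection signal is the same: an unusual volume of long, high-entropy names under one zone, which is why the heuristic groups on the registrable domain rather than on individual names.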

Exploit
SharpShooter
- SharpShooter generates payloads in many formats such as HTA, JS and VBS
DCShadow
- DCShadow, an attack technique that registers a rogue domain controller to push changes into AD through replication

Mail
Ruler
- Ruler interacts with Exchange servers remotely

Breaking out of locked down environments
Breaking Out of Citrix and other Restricted Desktop Environments
Applocker Case study
- Breaking out of AppLocker using advanced techniques
Bypass Applocker
- List of the best-known AppLocker bypass techniques
Babushka Dolls or How To Bypass Application Whitelisting and Constrained Powershell

Defense
MS - Securing privileged access
- Reference material for securing administrative access in AD
MS - What is AD Red Forest
- The Red Forest (Enhanced Security Administrative Environment, ESAE) design: a separate administrative forest that holds the privileged accounts, built with security in mind
Managing Applocker with Powershell
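An added example, not code from this page or from the linked Microsoft documentation: a PowerShell workflow using the AppLocker cmdlets the article covers, from rule generation through testing to merging the policy. The reference folder, the output path and the probe file paths are assumptions to be replaced with real ones.

```powershell
# Added example, not code from the page or from the linked Microsoft documentation.
# Builds, tests and applies an AppLocker policy from PowerShell. Assumes the AppLocker module
# (Windows 8 / Server 2012 or later), an elevated session, and the Application Identity
# service running for enforcement. Paths below are assumptions for the example.

Import-Module AppLocker

# 1. Generate Publisher rules (falling back to Hash for unsigned files) for everything under
#    a known-good folder, for all users.
$refFiles  = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe,Dll,Script
$policyXml = 'C:\Policies\applocker-baseline.xml'
$refFiles | New-AppLockerPolicy -RuleType Publisher,Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $policyXml -Encoding utf8

# 2. Before enforcing, check what the policy would do to specific binaries for a standard user.
#    'DeniedByDefault' on something users need means the rule set is incomplete;
#    'Allowed' on a user-writable path is the kind of hole the bypass lists above exploit.
$probe = 'C:\Windows\System32\cmd.exe',
         'C:\Users\Public\Downloads\tool.exe',
         'C:\Windows\Tasks\payload.exe'
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $probe -User 'Everyone' |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 3. Review what audit mode would have blocked on this host
#    (8003 = EXE/DLL would have been blocked, 8006 = script/MSI would have been blocked).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# 4. Apply, merging with the existing local policy rather than replacing it.
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge
```

Run step 2 against the paths in the bypass write-ups (user-writable folders under C:\Windows are the usual suspects) before switching from audit to enforce; a policy that only contains allow rules for C:\Program Files and C:\Windows still inherits every writable subdirectory of the latter.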
SANS - Finding Empire C2 activity

Lab building
The Eye
- Archive of official MSDN ISO images for many Windows versions
Automatedlab/Automatedlab
- AutomatedLab builds lab environments automatically using PowerShell
Building a lab with ESXI and Vagrant
- Long article from this book about building a lab on ESXi
Mini lab
- Short article from this book about creating a small lab for practising things like Responder

Other
OSCP Survival Guide archived
- Contains a ton of useful commands for enumeration and exploitation