https://orange-cyberdefense.github.io/ocd-mindmaps/
https://www.hackingarticles.in/red-teaming/

# Post exploitation

https://viblo.asia/p/ky-thuat-post-exploitation-trong-red-team-p1-linux-Ny0VGjXYLPA
--> keylogger, bypass antivirus .bashrc .vimrc file

https://viblo.asia/p/domain-fronting-an-giau-luu-luong-c2-E375zAkblGW

# Persistent

## active directory

https://viblo.asia/p/ky-thuat-persistence-trong-red-teaming-phan-1-x7Z4D6ryLnX

## Windows

https://viblo.asia/p/gioi-thieu-ve-kiem-thu-xam-nhap-phan-6-persistence-Yym40n2dL91
- registry
- scheduled task
- service
- wmi
- add user

https://quantrimang.com/cong-nghe/giau-du-lieu-trong-1-tap-tin-van-ban-bi-mat-72691
- dir /r # detect

https://aidanstansfield.github.io/2020/05/15/sharkyctf-penteeeeest.html
- config ssh to login as root

https://x.com/Alh4zr3d/status/1580925761996828672?s=20&t=3IV0LmMvw-ThCCj_kgpjwg
- Hiding Windows services

## Linux

https://hackersploit.org/linux-red-team-persistence-techniques/
- add user
- .bashrc file # Whenever a user logs in to the user account, the command in the .bashrc file will
- webshell
- cronjob

https://viblo.asia/p/ky-thuat-persistence-trong-red-teaming-phan-1-x7Z4D6ryLnX
- Add a root user
- suid Binary
- Crontab
- startup service
- PAM
- APT (Ubuntu/Debian)
- Kernel Driver
- Kernel core pattern
- udev device

https://hadess.io/the-art-of-linux-persistence/
- cron job
- Systemd Timers
- Shell Configuration Modification # pretty good
- Dynamic Linker Hijacking -> LD_PRELOAD
- rc.common/rc.local. Purpose: It’s executed by the init system at the end of the boot process.
- Systemd Services # useful tips
- Trap # Ctrl+C to trigger
- System Call
- MOTD Backdooring # whenever a user SSHes into the system
- apt
- git

https://hackersploit.org/linux-red-team-defense-evasion-hiding-linux-processes/
- hiding linux process

# Lateral movement

https://viblo.asia/p/linux-lateral-movement-leo-quyen-ngang-tren-linux-1Je5EzX1KnL
- decode rsa_id
- write the log of ssh
- sniff passwd FTP
- Pamspy "catches" the password

https://aidanstansfield.github.io/2020/05/15/sharkyctf-penteeeeest.html
- config ssh to login as root

## wmi

https://www.crowdstrike.com/blog/how-to-detect-and-prevent-impackets-wmiexec/
https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/
https://sec.vnpt.vn/2024/02/review-wmi-tool/

# APT

https://blog.viettelcybersecurity.com/canh-bao-chien-dich-tan-cong-cua-nhom-apt-darkpink-nham-den-vao-nuoc-dong-nam-a/?fbclid=IwAR0G9NS1DgOexSymY4LUDfEYNVsWdVtSAHPyTkJgF8c-mHSHQqiU47I-EFo

# Social engineering

https://nhattruong.blog/2022/12/25/tan-cong-social-engineering-toan-tap-part-2/

# ATM

https://viblo.asia/p/kiosk-breakouts-lo-hong-la-tai-va-cau-chuyen-bypass-cay-atm-cua-mot-ngan-hang-m2vJPOyx4eK#_7-cau-chuyen-ve-bypass-cay-atm-cua-mot-ngan-hang-9

```
//etc/hostname
file://var/www/localhost
file://, chrome:// , ftp:// , mailto:// smb:// irc://
```

# tool

https://websitehcm.com/10-phan-mem-keylogger-mien-phi-tot-nhat/
https://anonyviet.com/cach-cai-dat-va-su-dung-cobalt-strike-danh-cho-red-team/
https://anonyviet.com/anvrs-cong-cu-reverse-shell-bypass-antivirus/

## scan system

https://anonyviet.com/cach-quet-lo-hong-he-thong-bang-mitre-attck/

# IoT

## Printer

- print vuln -> priv

https://www.4rth4s.xyz/2021/09/learning-printnightmare-cve-2021-1675.html
https://github.com/cube0x0/CVE-2021-1675

# Active directory

- havoc

https://viblo.asia/p/gia-lap-tan-cong-mang-voi-infection-monkey-2oKLn85g4QO

## Build

https://sec.vnpt.vn/2022/10/build-a-basic-active-directory-lab-for-penetration-testing/
https://bohansec.com/2020/10/10/How-To-Set-Up-AD-Attack-Lab-Part-1/

## pentest

https://sec.vnpt.vn/2023/01/ky-thuat-attacking-kerberos-as-rep-roasting/
https://sec.vnpt.vn/2023/03/breaching-and-enumerating-active-directory/
https://sec.vnpt.vn/2024/03/htb-manager-windows/
- Use Kerbrute to find real usernames that can log in

## force authentication

https://sec.vnpt.vn/2023/02/kerberos-unconstrained-delegation-attack/

https://www.youtube.com/watch?v=iJtFcPkJfEk
- Stealing Passwords via Forced Authentication (Credential Access)
- `<img src="file://10.2.102.169/images/logo.png">`
- detect
- defend
- crack NTLM hash

https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/

# AWS

## SSRF

https://medium.com/@nandan_writes/ssrf-and-imds-understanding-the-relationship-and-imdsv1-vulnerabilities-1bf467f7da8a
https://www.youtube.com/watch?v=dYGxq5P14Wg
https://www.crowdstrike.com/blog/best-practices-to-secure-aws-resources/

# Azure

https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/

# Defend and evasion

https://hackersploit.org/windows-red-team-defense-evasion-techniques/
- Invoke-Obfuscation