Exploitation

Exploitation and Movement Techniques:

  • Weaponization

  • Custom Executables

  • Blending In

  • Execution Guardrails

  • Initial Access

  • Network Propagation

  • Discovery

  • Operational Security

  • Deception Technology

  • Local Network Enumeration

  • Local Privilege Escalation

  • Password Cracking

  • Persistence

  • Active Directory Attacks and Lateral Movement

  • Introduction to Active Directory

  • Trees and Forests

  • Authentication, Authorization, Access Tokens

  • AD Enumeration

  • DNS Extraction

  • Domain Privilege Escalation

  • Access Token Manipulation

  • Pass-The-Hash, Pass-The-Ticket

  • Kerberoasting

  • Silver Ticket, Golden Ticket, Skeleton Key

  • AD Certificate Services

  • Unconstrained and Constrained Delegation

  • Coerced Authentication Using PrinterBug and PetitPotam

  • Hopping the Trust

  • LLMNR/NBNS/WPAD

  • BloodHound/SharpHound

  • AD Explorer

  • SMB Pipes, Remote Desktop Protocol, PsExec, Windows Management Instrumentation, DCOM

  • SMB Relay

  • LLMNR/NBT-NS Poisoning and Relay

  • Responder

  • Setting Up Shadow Credentials

  • Domain Privilege Abuse

  • DC Sync

  • Domain Lateral Movement, Domain Trust Attacks

  • Pivoting Between Domains and Forests

  • Forest Enumeration, Forest Attacks

  • Obtaining the Objective and Reporting

  • Action on Objectives

  • Database Attacks

  • SQL Abuse

  • Trust Abuse

  • PowerUpSQL

  • Target Manipulation

  • Collection

  • Data Staging

  • Exfiltration

  • Impact

  • Emulating Ransomware
