Commit 7576062 (parent 71630ca)
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 2 changed files with 189 additions and 2 deletions.
@@ -0,0 +1,16 @@ | ||
# Contributing | ||
|
||
Your contributions are always welcome! | ||
|
||
## Guidelines | ||
|
||
* Add one link per Pull Request. | ||
* Add the link: `* [resource-name](http://example.com/) - A short description ends with a period.` | ||
* Keep descriptions concise. | ||
* Add a section if needed. | ||
* Add the section description. | ||
* Add the section title to Contents. | ||
* Search previous suggestions before making a new one, as yours may be a duplicate. | ||
* Check your spelling and grammar. | ||
* Remove any trailing whitespace. | ||
* Send a Pull Request with the reason why the resource is awesome. |
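Review bot: the template on the `* Add the link:` line makes a trailing `- A short description ends with a period.` mandatory for every entry, but the README rewritten in the same commit adds no description to any of its entries, so the new guideline is already violated by the list it governs; either add descriptions there or phrase the rule as "where useful". `* Send a Pull Request with the reason why the resource is awesome.` and `* Add one link per Pull Request.` describe the same step and could be merged into one item. The nested items under `* Add a section if needed.` are the only second-level bullets in the file; if that is intended, `* Add the section title to Contents.` should also say that the anchor must match the heading text, since that is the usual way TOC links break in lists like this.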
@@ -1,2 +1,173 @@ | ||
# awesome-windows-red-team | ||
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams | ||
# Awesome Windows Red Team [![Awesome](https://awesome.re/badge.svg)](https://awesome.re) | ||
|
||
> A curated list of awesome Windows talks, tools and resources for Red Teams, from beginners to ninjas. | ||
## Contents | ||
|
||
* [Books](#books) | ||
* [Courses](#courses) | ||
* [System Architecture](#system-architecture) | ||
* [Active Directory](#active-directory) | ||
* [Kerberos](#kerberos) | ||
* [Lssass SAM NTLM GPO](#lssass-sam-ntlm-gpo) | ||
* [WinAPI](#winapi) | ||
* [Lateral Movement](#lateral-movement) | ||
* [Pass the Hash](#pass-the-hash) | ||
* [Pass the Ticket](#pass-the-ticket) | ||
* [Privilege Escalation](#privilege-escalation) | ||
* [UAC bypass](#uac-bypass) | ||
* [Defense Evasion](#defense-evasion) | ||
* [Exfiltration](#exfiltration) | ||
* [PowerShell](#powershell) | ||
* [Phishing](#phishing) | ||
* [Maldocs](#maldocs) | ||
* [Macros](#macros) | ||
* [DDE](#dde) | ||
* [HTA](#hta) | ||
* [Tools](#tools) | ||
|
||
## Books | ||
|
||
* [Windows Internals, Seventh Edition, Part 1](https://www.amazon.com.br/Windows-Internals-Book-User-Mode/dp/0735684189?tag=goog0ef-20&smid=A1ZZFT5FULY4LN) | ||
* [Windows Internals, Sixth Edition, Part 1](https://www.amazon.com.br/Windows-Internals-Part-Developer-Reference-ebook/dp/B00JDMPHIG?tag=goog0ef-20&smid=A18CNA8NWQSYHH) | ||
* [Windows Internals, Sixth Edition, Part 2](https://www.amazon.com/Windows-Internals-Part-Developer-Reference/dp/0735665877) | ||
* [How to Hack Like a PORNSTAR: A step by step process for breaking into a BANK](https://www.amazon.com/How-Hack-Like-PORNSTAR-breaking-ebook/dp/B01MTDLGQQ) | ||
* [The Hacker Playbook 3: Practical Guide To Penetration Testing](https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2) | ||
|
||
## Courses | ||
|
||
* [Professor Messer's CompTIA SY0-501 Security+ Course](http://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/) | ||
* [Penetration Testing with Kali (PWK) Online Security Training Course](https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/) | ||
* [Offensive Security Certified Expert](https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/) | ||
* [Advanced Windows Exploitation: Live Hands-on Penetration Testing Training](https://www.offensive-security.com/information-security-training/advanced-windows-exploitation/) | ||
* [Windows API Exploitation Recipes: Processes, Tokens and Memory RW](https://www.pentesteracademy.com/course?id=31) | ||
* [Powershell for Pentesters - Pentester Academy](https://www.pentesteracademy.com/course?id=21) | ||
* [WMI Attacks and Defense - Pentester Academy](https://www.pentesteracademy.com/course?id=34) | ||
* [Windows Red Team Lab - Pentester Academy](https://www.pentesteracademy.com/redteamlab) | ||
|
||
## System Architecture | ||
|
||
### Active Directory | ||
|
||
* [ADsecurity.org](https://adsecurity.org/) | ||
* [DerbyCon4 - How to Secure and Sys Admin Windows like a Boss](https://www.youtube.com/watch?v=jKpaaDKVovk&t=0s&list=PLz8yKJBzAxrslURpq0TcmLl7JS-sRNmog&index=79) | ||
* [DEFCON 20: Owned in 60 Seconds: From Network Guest to Windows Domain Admin](https://www.youtube.com/watch?v=nHU3ujyw_sQ) | ||
* [BH2015 - Red Vs. Blue: Modern Active Directory Attacks, Detection, And Protection](https://www.youtube.com/watch?v=b6GUXerE9Ac) | ||
* [BH2016 - Beyond the Mcse: Active Directory for the Security Professional](https://www.youtube.com/watch?v=2w1cesS7pGY) | ||
* [BH2017 - Evading Microsoft ATA for Active Directory Domination ](https://www.youtube.com/watch?v=bHkv63-1GBY) | ||
* [DEFCON 26 - Exploiting Active Directory Administrator Insecurities](https://www.youtube.com/watch?v=WaGgofGnWaI) | ||
* [BH2017 - An ACE Up the Sleeve: Designing Active Directory DACL Backdoors](https://www.youtube.com/watch?v=ys1LZ1MzIxE) | ||
* [DerbyCon7 - Building the DeathStar getting Domain Admin with a push of a button (aka how I almost automated myself out pf a job)](https://www.youtube.com/watch?v=kGoc_apljpU) | ||
* [DerbyCon4 - Abusing Active Directory in Post Exploitation](https://www.youtube.com/watch?v=sTU-70dD-Ok&t=0s&list=PLz8yKJBzAxrslURpq0TcmLl7JS-sRNmog&index=12) | ||
|
||
|
||
### Kerberos | ||
|
||
* [MicroNugget: How Does Kerberos Work?](https://www.youtube.com/watch?v=kp5d8Yv3-0c) | ||
* [MIT 6.858 Fall 2014 Lecture 13: Kerberos](https://www.youtube.com/watch?v=bcWxLl8x33c) | ||
* [DerbyCon4 - Et tu Kerberos](https://www.youtube.com/watch?v=RIRQQCM4wz8&t=0s&list=PLz8yKJBzAxrslURpq0TcmLl7JS-sRNmog&index=14) | ||
* [DerbyCon7 - Return From The Underworld The Future Of Red Team Kerberos](https://www.youtube.com/watch?v=E_BNhuGmJwM&t=0s&index=2&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3) | ||
* [BH2014 - Abusing Microsoft Kerberos: Sorry You Guys Don't Get It](https://www.youtube.com/watch?v=lJQn06QLwEw) | ||
* [DerbyCon4 - Attacking Microsoft Kerberos Kicking the Guard Dog of Hades](https://www.youtube.com/watch?v=PUyhlN-E5MU&t=0s&list=PLz8yKJBzAxrslURpq0TcmLl7JS-sRNmog&index=57) | ||
|
||
### Lsass SAM NTLM GPO | ||
|
||
* [Retrieving NTLM Hashes without touching LSASS: the “Internal Monologue” Attack](https://www.andreafortuna.org/dfir/retrieving-ntlm-hashes-without-touching-lsass-the-internal-monologue-attack/) | ||
* [ATT&CK - Credential Dumping](https://attack.mitre.org/wiki/Technique/T1003) | ||
* [BH2002 - Cracking NTLMv2 Authentication](https://www.youtube.com/watch?v=x4c8J70kHKc) | ||
* [DerbyCon7 - Securing Windows with Group Policy ](https://www.youtube.com/watch?v=Upeaa2rgozk&t=0s&index=66&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3) | ||
* [Abusing GPO Permissions](https://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/) | ||
* [Targeted Kerberoasting](https://www.harmj0y.net/blog/activedirectory/targeted-kerberoasting/) | ||
|
||
### WinAPI | ||
|
||
* [DerbyCon4 - Getting Windows to Play with Itself: A Pen Testers Guide to Windows API Abuse](https://www.youtube.com/watch?v=xll_RXQX_Is&index=7&list=PLNhlcxQZJSm8o9c_2_iDDTV6tCPdMp5dg&t=0s) | ||
|
||
## Lateral Movement | ||
|
||
### Pass the Hash | ||
|
||
* [ATT&CK - Pass the Hash](https://attack.mitre.org/wiki/Technique/T1075) | ||
* [BH2013 - Pass the Hash and other credential theft and reuse: Preventing Lateral Movement...](https://www.youtube.com/watch?v=xxwIh2pvbyw&t=345s) | ||
* [BH2013 - Pass the Hash 2: The Admin's Revenge](https://www.youtube.com/watch?v=A5xntvKaRlk) | ||
* [From Pass-the-Hash to Pass-the-Ticket with No Pain](https://resources.infosecinstitute.com/pass-hash-pass-ticket-no-pain/#gref) | ||
* [Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy](http://www.harmj0y.net/blog/redteaming/pass-the-hash-is-dead-long-live-localaccounttokenfilterpolicy/) | ||
|
||
### Pass the Ticket | ||
|
||
* [ATT&CK - Pass the Ticket](https://attack.mitre.org/wiki/Technique/T1097) | ||
|
||
## Privilege Escalation | ||
|
||
* [Level Up! Practical Windows Privilege Escalation - Andrew Smith](https://www.youtube.com/watch?v=PC_iMqiuIRQ) | ||
* [Windows Privilege Escalation Presentation](https://www.youtube.com/watch?v=mcJ3aRSqGSo) | ||
* [Windows Kernel Exploits](https://github.com/SecWiki/windows-kernel-exploits) | ||
* [DEF CON 22 - Kallenberg and Kovah - Extreme Privilege Escalation On Windows 8/UEFI Systems](https://www.youtube.com/watch?v=d6VCri6sPnY) | ||
* [DEF CON 25 - Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level](https://www.youtube.com/watch?v=Gu_5kkErQ6Y) | ||
* [DerbyCon7 - Not a Security Boundary Bypassing User Account Control](https://www.youtube.com/watch?v=c8LgqtATAnE&t=0s&index=21&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3) | ||
|
||
## Defense Evasion | ||
|
||
* [DerbyCon3 - Antivirus Evasion Lessons Learned](https://www.youtube.com/watch?v=ycgaekqAkpA) | ||
* [DerbyCon7 - T110 Modern Evasion Techniques](https://www.youtube.com/watch?v=xcA2riLyHtQ) | ||
* [DerbyCon7 - Evading Autoruns](https://www.youtube.com/watch?v=AEmuhCwFL5I) | ||
* [Red Team Techniques for Evading, Bypassing & Disabling MS](https://www.youtube.com/watch?v=2HNuzUuVyv0) | ||
|
||
## Exfiltration | ||
|
||
* [Abusing Windows Management Instrumentation (WMI)](https://www.youtube.com/watch?v=0SjMgnGwpq8) | ||
* [DEF CON 23 - Panel - WhyMI so Sexy: WMI Attacks - Real Time Defense and Advanced Forensics](https://www.youtube.com/watch?v=xBd6p-Lz3kE) | ||
* [DerbyCon3 - Living Off The Land A Minimalist's Guide To Windows Post Exploitation](https://www.youtube.com/watch?v=j-r6UonEkUw) | ||
|
||
## PowerShell | ||
|
||
* [DEF CON 18 - David Kennedy "ReL1K" & Josh Kelley - Powershell...omfg](https://www.youtube.com/watch?v=q5pA49C7QJg) | ||
* [DEF CON 22 - Investigating PowerShell Attacks](https://www.youtube.com/watch?v=EcOf1s90vsg) | ||
* [DerbyCon2016 - 106 PowerShell Secrets and Tactics Ben0xA](https://www.youtube.com/watch?v=mPPv6_adTyg) | ||
* [Daniel Bohannon – Invoke-Obfuscation: PowerShell obFUsk8tion](https://www.youtube.com/watch?v=uE8IAxM_BhE) | ||
* [BH2017 - Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science](https://www.youtube.com/watch?v=x97ejtv56xw) | ||
|
||
## Phishing | ||
|
||
### Maldocs | ||
|
||
* [Phishing with Maldocs](https://www.n00py.io/2017/04/phishing-with-maldocs/) | ||
* [Phishing with Empire](https://enigma0x3.net/2016/03/15/phishing-with-empire/) | ||
|
||
### Macros | ||
|
||
* [Phishing with Macros and Powershell](https://www.securitysift.com/phishing-with-macros-and-powershell/) | ||
|
||
### DDE | ||
|
||
* [About Dynamic Data Exchange](https://docs.microsoft.com/en-us/windows/desktop/dataxchg/about-dynamic-data-exchange) | ||
* [Abusing Microsoft Office DDE](https://www.securitysift.com/abusing-microsoft-office-dde/) | ||
* [Microsoft Office Dynamic Data Exchange(DDE) attacks](https://resources.infosecinstitute.com/microsoft-office-dynamic-data-exchangedde-attacks/#gref) | ||
* [Office-DDE-Payloads](https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads) | ||
|
||
### HTA | ||
|
||
* [Hacking around HTA files](http://blog.sevagas.com/?Hacking-around-HTA-files) | ||
|
||
## Tools | ||
|
||
* [Mimikatz](https://github.com/gentilkiwi/mimikatz) | ||
* [Cobalt Strike](https://www.cobaltstrike.com/) | ||
* [BloodHound](https://github.com/BloodHoundAD/BloodHound) | ||
* [Empire](https://github.com/EmpireProject/Empire) | ||
* [Nishang](https://github.com/samratashok/nishang) | ||
* [Responder](https://github.com/SpiderLabs/Responder) | ||
* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) | ||
* [PSExec](https://www.toshellandback.com/2017/02/11/psexec/) | ||
|
||
# Other Awesome Lists | ||
|
||
* [Awesome Red Teaming](https://github.com/yeyintminthuhtut/Awesome-Red-Teaming) | ||
* [Red Teaming Toolkit](https://github.com/infosecn1nja/Red-Teaming-Toolkit) | ||
* [Red Team Infrastructure Wiki](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki) | ||
* [Awesome Pentest](https://github.com/Muhammd/Awesome-Pentest) | ||
|
||
# Contributing | ||
Your contributions are always welcome! Please take a look at the contribution guidelines first. | ||
|
||
If you have any question about this opinionated list, do not hesitate to contact me @_mvalle_ on Twitter or open an issue on GitHub. |
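Review bot: the Contents entry `* [Lssass SAM NTLM GPO](#lssass-sam-ntlm-gpo)` does not match the heading `### Lsass SAM NTLM GPO` (extra `s`), so the rendered anchor is `#lsass-sam-ntlm-gpo` and the TOC link is broken; fix the spelling in Contents. `* [UAC bypass](#uac-bypass)` likewise points at a heading that does not exist (the only UAC talk sits under `## Privilege Escalation`), while `# Other Awesome Lists` and `# Contributing` use a single `#` where every other section uses `##` and are absent from Contents. `Please take a look at the contribution guidelines first.` should link to the CONTRIBUTING.md added in this same commit, and that file's rule requiring a short description per entry is met by none of the entries added here. Minor: the two amazon.com.br links carry `tag=goog0ef-20&smid=...` affiliate/tracking parameters that should be stripped, several entries use plain `http://` where `https://` is available, the link texts on the `Evading Microsoft ATA` and `Securing Windows with Group Policy` lines end in a trailing space that the new guideline forbids, and the three WMI and "Living Off The Land" talks under `## Exfiltration` are post-exploitation material rather than exfiltration and would sit better under Lateral Movement or a new section.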