Intel-driven

Introduction
- What?
- Why?
- How?
TIBER-EU
- Resources
MITRE ATT&CK
- Resources
OST Map
- Resources

Opsec

Introduction
- What?
- Why?
- How?
Identify critical information
Analyse threats
Analyse vulnerabilities
Assess risks
Apply appropriate countermeasures
Hide your tracks

Preparation

Introduction
- What?
- Why?
- How?
Falconry (in "In")
Lay of the land (in "In")

Weaponisation

Introduction
- What?
- Why?
- How?
Gain unauthorised access
- Attack tree
- Notes
Windows Scripting Host (WSH)
- Show a message box
- Run exe files
HTML Application (HTA)
- Reverse shell
Visual Basic for Application (VBA)
- Execute a bin
- Use msfvenom for VBA
Powershell
- Execution policy
- Reverse shell
Getting out of the box (BeEF)
- Attack tree
- Notes
  - Alternatives for pentesting
  - Alternatives for red teaming
Command and control (C2)
Attack infrastructure as code (in "In")
Delivery techniques
Create a botnet
SEO poisoning
- Attack tree
- Notes

Password attacks

Introduction
- What?
- Why?
- How?
Password profiling
Brute-force and dictionary attacks
- Attack tree
- Examples
  - SSH
- Notes
- Scripts
- Resources
Password spraying
- Attack tree
- Examples
  - SSH
- Notes
Hash cracking
- Attack tree
- Example
- Notes
- Tools
- Resources

Phishing

Introduction
- What?
- Why?
- How?
Phishing overview
- Attack tree
- Notes
Mail delivery
- Attack tree
- Notes
- Tools
Steal access info with fake login page
Webpage with BeEF hook
Use analytics to lure a target
Fake prompts everywhere
- Attack tree
- Notes
- Tools
Pharming overview
- Attack tree
- Notes
Credential stuffing
- Attack tree
- Notes

Enumeration

Introduction
- What?
- Why?
- How?
Passive scanning
- Attack tree
- Notes
- Tools
Linux
Windows
- System
- Users
- Networking
Running services
DNS
SMB
SNMP
More Windows tools

Escalation

Introduction
- What?
- Why?
- How?
Windows escalation tools
Reuseful escalation patterns
Harvesting passwords
Quick misconfiguration wins
Abusing service misconfigurations
Abusing dangerous privileges
Abusing vulnerable software

Persistence

Introduction
- What?
- Why?
- How?
Tampering with unprivileged accounts
Backdooring files
Abusing services
- Creating backdoor services
- Modifying existing services
Abusing scheduled tasks
Logon triggered persistence
Backdooring the login screen/RDP
- Sticky Keys
- Utilman
Persisting through existing services
- Using web shells
- Using MSSQL as a backdoor

Lateral movement and pivoting

Introduction
- What?
- Why?
- How?
Mythical blue lake

Data exfiltration

Introduction
- What?
- Why?
- How?
Data exfiltration (in "Out")

Forest fire

Ty Myrddin Home
Unseen University
Improbability Blog
About
Contact

Introduction

What?

Recon, adapting the attack infrastructure, setting up the hooks, running the phishing campaign.

Why?

Getting in.

How?

Phishing overview
Mail delivery
Steal access info with fake login page
Webpage with BeEF hook
Use analytics to lure a target
Fake prompts everywhere
Pharming overview
Credential stuffing

Previous Next

Unseen University, 2024, with a forest garden fostered by /ut7.