Red Team Notes
1.0.0
1.0.0
  • Introduction
  • PowerShell
    • find_files_by_name
    • powershell_web_access
    • enable_psremoting
    • powershell_sans_cheat
    • powerup_-_privilege_escalation
    • user_enumeration
    • powershell_-_quickies
    • constrained_language_breakout
    • powershell_-_get-system
    • domain_enumeration
    • powershell
    • random_powershell
  • mainframe
    • tso_commands
    • nmap_stuff_-_recon
  • Links and Random
    • Commands--mount-shares
    • Commands--responder
    • Commands--nac_testing
    • trash
    • Commands--nessus-openvas
    • Commands--named_pipes
    • ptx
    • Commands--mortar-shells
    • Redis-Cheatsheet
    • wifi_driver_stuff
    • bypassing_applocker_living_off_land
    • Commands--remote_and_local_file_inclusion
    • Commands--netcat-ftp
    • mimikatz
  • wifi-hacking
    • eaphammer
    • aircrack-ng_and_jtr_attack
    • new_page
    • cracking_wpa_attack
    • aircrack-ng
    • wifite
    • basics
    • hostapd
    • cowpatty_attack
    • rogue_access_point
    • cracking_wep_via_a_client_attack
    • handshake-via-pcap
    • clientless_wep_attack
    • fluxion
    • reaver
    • crack_wep
    • pyrit_attack
    • wep_shared_key_authentication_attack
  • mobile
    • qark
    • dex2jar
    • jd-gui
    • mobile
    • baby_steps
    • apktool
    • smali_and_baksmali
  • Cobalt-Strike
    • apache_rewrite_.htaccess
    • playbook
      • mail_and_smtp_enumeration-manipulation
      • lateral_movement
      • overpass_the_hash_with_rubeus-beacon_-_h
      • persistence
      • privilege_escalation
      • after_initial_access
    • situational_awareness_-_harmj0y
    • malleable
    • sid_hopping
    • generating_certificates
    • safety
    • random_commands
    • golden_ticket
    • go_daddy_domain
    • github_repos
    • malware_av_evasion
    • malware_av_evasion--main.go
    • c2_infrastructure
    • cobalt_strike_certificates
    • cpl_resource_runner_payload
  • Metasploit
    • nessus
    • network
    • meterpreter
  • Information Gathering Enumeration
    • 35 Searchsploit
    • 30 Find
    • 21 WinRM
    • 50 Gobuster
    • Enumeration by Port Number
    • 40 Active Directory
    • Linux Prevesc
    • pivoting
    • 20 Reconnoitre
    • Kerberos cheatsheet
    • 11 SMB Part 1
    • 00 ENUMERATION
    • 10 Nmap
    • 12-check-for-anonymous-smb
    • bruteforcing
    • 60 DNS Enumeration
    • 15 Firefox
  • Commands
    • rbash
    • tools-sources
    • tar
    • network-change-ip
    • sed_and_changing_files_for_malware_evasi
    • web_discovery
    • xxd
    • droopescan
    • c#
    • proxychains-admin-network
    • de-duplicate
    • privilege-escalation-windows_-_and_empir
    • ping_sweep
    • wget
    • snmp
    • custom-payloads
    • python
    • curl-wget
    • proxychains
    • goddi_-_domain_enumeration
    • nginx-bypass
    • outlook_and_owa
    • physical_hacking--rasperry_pi
    • have_a_shell
    • xml-xxe-xpath
    • xss-iframe
    • port-forward
    • physical_hacking
    • pack
    • client-side-iframe-attack
    • waf
    • laps
    • images-with-files-in-them
    • fresh-install
    • privilege-escalation-linux
    • masscan
    • arp-spoof
    • shellshock-squid
    • merlin
    • redis
    • get-browserdata
    • lateral_movement
    • smb-netbios-rpc
    • password-cracking
    • virtual-box_guest_additions
    • host_discovery-dns
    • certificate_tls_and_ssl
    • postgresql
    • physical_hacking--bash_bunny
    • powerview--new_page
    • mail_sniper
    • searchsploit
    • crackmapexec
    • user_agent
    • lolbins
    • files-inside-of-pictures
    • random_shellcode_-_scratch-pad
    • linux
    • ports
    • block-ip-iptables
    • httpscreenshot
    • dnscat
    • wp-scan
    • gather-gpp-creds
    • group-policy-decrypt-passwords
    • buffer-overflow
    • mac_address_change
    • sql
    • compiling-code
    • shell-for-buffer-overflow
    • hex_encode_command_line
    • spawn_a_better_shell_-_break_out_of_shit
    • nikto-proxy
    • osint
    • assembly
    • sshuttle
    • nmap_and_scanning
    • root_user_add
    • pass_the_hash
    • test-for-xxe
    • payloads
    • webdav
    • cut_commands
    • unicorn_scan
    • rdesktop_and_screen_for_linux
    • spooler_exploit
    • dns-zone-transfer
    • ssh
    • password-grep
  • reverse-shell-one-liners
    • ruby
    • c-language-reverse-shell
    • reverse_shell_one_liners
    • perl-reverse-shell-cgi-format
    • java_reverse_shell
    • python_reverse_shell
  • Bypass-Applocker
    • vbs_macro
    • pubprn.vbs
    • demiguise
    • mshta
    • regsvcs
    • regasm_2
    • bypass-uac
    • installutil
  • windows
    • uninstall_patches
    • passwords
    • powerview_3.0,_harmj0y
    • port_forward
    • powerview_acl_enum-abuse
    • powerview,_enumerate_groups-ac
    • search_4_loot
    • firewall
    • laps_abuse
    • enumeration
    • Windows
    • Windows_service_abuse
    • Windows Enumeration
  • mimikatz
    • mimikatz_list_modules
    • list_commands_in_module
    • mimikatz
    • remote_control_rpc
    • applocker_bypass_and_other_sn
    • mimikatz_-_start_and_stop_processes
    • base64_all_the_things
    • rdp
    • avoid_new_events
    • mimikatz_-_tokens
  • red-team
    • privilege_escalation_across_trusts
    • file_servers_and_files
    • lateral_movement
    • Commands--red_team
    • forest_enumeration
    • persistence_techniques
    • privilege_escalation
  • Start Procedure
    • Start-Procedure
  • Tools to add to Kali Linux
  • AD-notes
    • more-ad-notes
    • bloodhound
    • ad-notes-chirag
    • enumeration
    • pam_abuse
    • laps_abuse
    • domain_privilege_escalation
    • active_directory_one_liners
  • Setting up Kali Linux
    • Tools to add to Kali Linux
    • Items to Install in Kali
      • tmux
        • tmux_config
        • Setup_-_TMUX
        • tmux_cheat_sheet
      • crontab
      • rclone
      • Items_to_install_in_Kali
    • Tools to install
  • SQL
    • abusing_sql_server_trusts--privilege_escalation
    • abusing_sql_server_trusts
    • abusing_sql_server_trusts--post_exploitation_enumeration
    • 31 SQL
  • tools to install
  • command line
  • simple note
  • Enumeration
  • Tools to install on Windows
  • temp-readme
Powered by GitBook
On this page

Was this helpful?

  1. Cobalt-Strike
  2. playbook

after_initial_access

Previousprivilege_escalationNextsituational_awareness_-_harmj0y

Last updated 3 years ago

Was this helpful?

AFTER INITIAL ACCESS Put Your Seatbelt on!

  1. Make sure you have the binaries and aggressor scripts loaded onto your Cobalt Strike client

- This is caught - don't use!!!!!!!!!!!!

- Right click on session and click EDR Query - This results in moderate feedback

- execute-assembly /opt/seatbelt.exe all **PREFERRED

Note the following

Reboot Schedule Domain SID UAC System Policies Logon Server AKA DOMAIN CONTROLLER Domain Name Local Group Memberships Drive Information RDP Sessions Network Shares Potential Defensive Processes Current User SID DPAPI Master Keys

https://raw.githubusercontent.com/harleyQu1nn/AggressorScripts/master/AVQuery.cna
https://raw.githubusercontent.com/harleyQu1nn/AggressorScripts/master/EDR.cna
https://github.com/GhostPack/Seatbelt