Red Team Notes
1.0.0
1.0.0
  • Introduction
  • PowerShell
    • find_files_by_name
    • powershell_web_access
    • enable_psremoting
    • powershell_sans_cheat
    • powerup_-_privilege_escalation
    • user_enumeration
    • powershell_-_quickies
    • constrained_language_breakout
    • powershell_-_get-system
    • domain_enumeration
    • powershell
    • random_powershell
  • mainframe
    • tso_commands
    • nmap_stuff_-_recon
  • Links and Random
    • Commands--mount-shares
    • Commands--responder
    • Commands--nac_testing
    • trash
    • Commands--nessus-openvas
    • Commands--named_pipes
    • ptx
    • Commands--mortar-shells
    • Redis-Cheatsheet
    • wifi_driver_stuff
    • bypassing_applocker_living_off_land
    • Commands--remote_and_local_file_inclusion
    • Commands--netcat-ftp
    • mimikatz
  • wifi-hacking
    • eaphammer
    • aircrack-ng_and_jtr_attack
    • new_page
    • cracking_wpa_attack
    • aircrack-ng
    • wifite
    • basics
    • hostapd
    • cowpatty_attack
    • rogue_access_point
    • cracking_wep_via_a_client_attack
    • handshake-via-pcap
    • clientless_wep_attack
    • fluxion
    • reaver
    • crack_wep
    • pyrit_attack
    • wep_shared_key_authentication_attack
  • mobile
    • qark
    • dex2jar
    • jd-gui
    • mobile
    • baby_steps
    • apktool
    • smali_and_baksmali
  • Cobalt-Strike
    • apache_rewrite_.htaccess
    • playbook
      • mail_and_smtp_enumeration-manipulation
      • lateral_movement
      • overpass_the_hash_with_rubeus-beacon_-_h
      • persistence
      • privilege_escalation
      • after_initial_access
    • situational_awareness_-_harmj0y
    • malleable
    • sid_hopping
    • generating_certificates
    • safety
    • random_commands
    • golden_ticket
    • go_daddy_domain
    • github_repos
    • malware_av_evasion
    • malware_av_evasion--main.go
    • c2_infrastructure
    • cobalt_strike_certificates
    • cpl_resource_runner_payload
  • Metasploit
    • nessus
    • network
    • meterpreter
  • Information Gathering Enumeration
    • 35 Searchsploit
    • 30 Find
    • 21 WinRM
    • 50 Gobuster
    • Enumeration by Port Number
    • 40 Active Directory
    • Linux Prevesc
    • pivoting
    • 20 Reconnoitre
    • Kerberos cheatsheet
    • 11 SMB Part 1
    • 00 ENUMERATION
    • 10 Nmap
    • 12-check-for-anonymous-smb
    • bruteforcing
    • 60 DNS Enumeration
    • 15 Firefox
  • Commands
    • rbash
    • tools-sources
    • tar
    • network-change-ip
    • sed_and_changing_files_for_malware_evasi
    • web_discovery
    • xxd
    • droopescan
    • c#
    • proxychains-admin-network
    • de-duplicate
    • privilege-escalation-windows_-_and_empir
    • ping_sweep
    • wget
    • snmp
    • custom-payloads
    • python
    • curl-wget
    • proxychains
    • goddi_-_domain_enumeration
    • nginx-bypass
    • outlook_and_owa
    • physical_hacking--rasperry_pi
    • have_a_shell
    • xml-xxe-xpath
    • xss-iframe
    • port-forward
    • physical_hacking
    • pack
    • client-side-iframe-attack
    • waf
    • laps
    • images-with-files-in-them
    • fresh-install
    • privilege-escalation-linux
    • masscan
    • arp-spoof
    • shellshock-squid
    • merlin
    • redis
    • get-browserdata
    • lateral_movement
    • smb-netbios-rpc
    • password-cracking
    • virtual-box_guest_additions
    • host_discovery-dns
    • certificate_tls_and_ssl
    • postgresql
    • physical_hacking--bash_bunny
    • powerview--new_page
    • mail_sniper
    • searchsploit
    • crackmapexec
    • user_agent
    • lolbins
    • files-inside-of-pictures
    • random_shellcode_-_scratch-pad
    • linux
    • ports
    • block-ip-iptables
    • httpscreenshot
    • dnscat
    • wp-scan
    • gather-gpp-creds
    • group-policy-decrypt-passwords
    • buffer-overflow
    • mac_address_change
    • sql
    • compiling-code
    • shell-for-buffer-overflow
    • hex_encode_command_line
    • spawn_a_better_shell_-_break_out_of_shit
    • nikto-proxy
    • osint
    • assembly
    • sshuttle
    • nmap_and_scanning
    • root_user_add
    • pass_the_hash
    • test-for-xxe
    • payloads
    • webdav
    • cut_commands
    • unicorn_scan
    • rdesktop_and_screen_for_linux
    • spooler_exploit
    • dns-zone-transfer
    • ssh
    • password-grep
  • reverse-shell-one-liners
    • ruby
    • c-language-reverse-shell
    • reverse_shell_one_liners
    • perl-reverse-shell-cgi-format
    • java_reverse_shell
    • python_reverse_shell
  • Bypass-Applocker
    • vbs_macro
    • pubprn.vbs
    • demiguise
    • mshta
    • regsvcs
    • regasm_2
    • bypass-uac
    • installutil
  • windows
    • uninstall_patches
    • passwords
    • powerview_3.0,_harmj0y
    • port_forward
    • powerview_acl_enum-abuse
    • powerview,_enumerate_groups-ac
    • search_4_loot
    • firewall
    • laps_abuse
    • enumeration
    • Windows
    • Windows_service_abuse
    • Windows Enumeration
  • mimikatz
    • mimikatz_list_modules
    • list_commands_in_module
    • mimikatz
    • remote_control_rpc
    • applocker_bypass_and_other_sn
    • mimikatz_-_start_and_stop_processes
    • base64_all_the_things
    • rdp
    • avoid_new_events
    • mimikatz_-_tokens
  • red-team
    • privilege_escalation_across_trusts
    • file_servers_and_files
    • lateral_movement
    • Commands--red_team
    • forest_enumeration
    • persistence_techniques
    • privilege_escalation
  • Start Procedure
    • Start-Procedure
  • Tools to add to Kali Linux
  • AD-notes
    • more-ad-notes
    • bloodhound
    • ad-notes-chirag
    • enumeration
    • pam_abuse
    • laps_abuse
    • domain_privilege_escalation
    • active_directory_one_liners
  • Setting up Kali Linux
    • Tools to add to Kali Linux
    • Items to Install in Kali
      • tmux
        • tmux_config
        • Setup_-_TMUX
        • tmux_cheat_sheet
      • crontab
      • rclone
      • Items_to_install_in_Kali
    • Tools to install
  • SQL
    • abusing_sql_server_trusts--privilege_escalation
    • abusing_sql_server_trusts
    • abusing_sql_server_trusts--post_exploitation_enumeration
    • 31 SQL
  • tools to install
  • command line
  • simple note
  • Enumeration
  • Tools to install on Windows
  • temp-readme
Powered by GitBook
On this page

Was this helpful?

  1. Cobalt-Strike

safety

SAFETY use spawnto_x86 %windir%\syswow64\svchost.exe in order to not use rundll32

spawnto x86 %windir%\syswow64\svchost.exe spawnto x64 %windir%\sysnative\svchost.exe

use argue command

command 1 = argue ipconfig what is this?

command 2 = run ipconfig /all

The machine will run "ipconfig /all", but show under event logs that you ran "ipconfig what is this?"

Get-NetLocalGroup -COmputerName -GroupName ""

shell net use \ARGON\C$ /U:CITADEL\bharris_a vek3irj1shKt!

do not inject HTTPS payloads into anything other than explorer

Coballt Strike

Do not use net commands native to CS Do not laterally move with built in cobalt strike tools

Previousgenerating_certificatesNextrandom_commands

Last updated 3 years ago

Was this helpful?