Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Pentesting Active Directory and Windows-based Infrastructure

You're reading from   Pentesting Active Directory and Windows-based Infrastructure A comprehensive practical guide to penetration testing Microsoft infrastructure

Arrow left icon
Product type Paperback
Published in Nov 2023
Publisher Packt
ISBN-13 9781804611364
Length 360 pages
Edition 1st Edition
Languages
Concepts
Arrow right icon
Author (1):
Arrow left icon
Denis Isakov Denis Isakov
Author Profile Icon Denis Isakov
Denis Isakov
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Chapter 1: Getting the Lab Ready and Attacking Exchange Server 2. Chapter 2: Defense Evasion FREE CHAPTER 3. Chapter 3: Domain Reconnaissance and Discovery 4. Chapter 4: Credential Access in Domain 5. Chapter 5: Lateral Movement in Domain and Across Forests 6. Chapter 6: Domain Privilege Escalation 7. Chapter 7: Persistence on Domain Level 8. Chapter 8: Abusing Active Directory Certificate Services 9. Chapter 9: Compromising Microsoft SQL Server 10. Chapter 10: Taking Over WSUS and SCCM 11. Index 12. Other Books You May Enjoy

References

  1. Process Hacker: https://processhacker.sourceforge.io/
  2. API monitor: http://www.rohitab.com/apimonitor
  3. AMSI bypass list by S3cur3Th1sSh1t: https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell
  4. AMSI bypass list by Pentestlaboratories: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
  5. Invoke-Obfuscation script: https://github.com/danielbohannon/Invoke-Obfuscation
  6. Nishang project: https://github.com/samratashok/nishang
  7. Powercat: https://github.com/besimorhino/powercat
  8. Persistence via AMSI: https://pentestlab.blog/2021/05/17/persistence-amsi/
  9. Threat Hunting AMSI bypasses by Pentest Laboratories: https://pentestlaboratories.com/2021/06/01/threat-hunting-amsi-bypasses/
  10. Hunt for AMSI bypasses by F-Secure: https://blog.f-secure.com/hunting-for-amsi-bypasses/
  11. Tiraniddo’s research about Applocker internals: https://www.tiraniddo.dev/2019/11/the-internals-of-applocker-part-1.html
  12. Sensitive PowerShell capabilities constrained by CLM: https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/#what-does-constrained-language-constrain
  13. AppLocker beginners guide: https://www.hackingarticles.in/windows-applocker-policy-a-beginners-guide/
  14. AppLocker bypass using InstallUtil: https://www.ired.team/offensive-security/code-execution/t1118-installutil
  15. AppLocker bypass using MSBuild: https://www.ired.team/offensive-security/code-execution/using-msbuild-to-execute-shellcode-in-c
  16. AppLocker bypass list project: https://github.com/api0cradle/UltimateAppLockerByPassList
  17. PowerShdll project uses PowerShell automation DLLs: https://github.com/p3nt4/PowerShdll
  18. PSBypassCLM project to create a wrapper over InstalUtil: https://github.com/padovah4ck/PSByPassCLM
  19. Bypass-CLM project to patch the return value: https://github.com/calebstewart/bypass-clm
  20. Bypass CLM with the help of COM: https://blog.xpnsec.com/constrained-language-mode-bypass/
  21. Bypass CLM by setting the HKCU environment value: https://sp00ks-git.github.io/posts/CLM-Bypass/
  22. AaronLocker project: https://github.com/microsoft/AaronLocker
  23. Deploy WDAC and AppLocker: https://improsec.com/tech-blog/one-thousand-and-one-application-blocks
  24. Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
  25. Sysmon Community Guide: https://github.com/trustedsec/SysmonCommunityGuide
  26. Sysmon config version by SwiftOnSecurity: https://github.com/SwiftOnSecurity/sysmon-config
  27. Sysmon config version by Florian Roth: https://github.com/Neo23x0/sysmon-config
  28. Sysmon config version by Olaf Hartong: https://github.com/olafhartong/sysmon-modular
  29. ScriptBlock Logging bypass by cobbr.io: https://cobbr.io/ScriptBlock-Logging-Bypass.html
  30. ScriptBlock Warning Event Logging by cobbr.io: https://cobbr.io/ScriptBlock-Warning-Event-Logging-Bypass.html
  31. DeepBlue: https://github.com/sans-blue-team/DeepBlueCLI
  32. Newish bypasses Part 1: https://www.bc-security.org/post/powershell-logging-obfuscation-and-some-newish-bypasses-part-1/
  33. Newish bypasses Part 2: https://www.bc-security.org/post/powershell-logging-obfuscation-and-some-newish-bypasses-part-2/
  34. PowerShell Protect Module: https://blog.ironmansoftware.com/protect-logging-bypass/
  35. Bypass of EnableTranscripting: https://avantguard.io/en/blog/powershell-enhanced-logging-capabilities-bypass
  36. Invisi-Shell tool: https://github.com/OmerYa/Invisi-Shell and https://www.youtube.com/watch?v=Y3oMEiySxcc
  37. Stracciatella tool: https://github.com/mgeeky/Stracciatella
  38. Detect Sysmon: https://www.ired.team/offensive-security/enumeration-and-discovery/detecting-sysmon-on-the-victim-host
  39. Sysmon tampering: https://medium.com/@olafhartong/endpoint-detection-superpowers-on-the-cheap-part-3-sysmon-tampering-49c2dc9bf6d9
  40. Phant0m tool: https://github.com/hlldz/Phant0m
  41. SysmonQuiet: https://github.com/ScriptIdiot/SysmonQuiet
  42. SysmonEnte: https://codewhitesec.blogspot.com/2022/09/attacks-on-sysmon-revisited-sysmonente.html
  43. Shhmon: https://github.com/matterpreter/Shhmon
  44. ETW beginner’s guide: https://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
  45. Detect malicious usage of .NET part 1: https://blog.f-secure.com/detecting-malicious-use-of-net-part-1/
  46. Detect malicious usage of .NET part 2: https://blog.f-secure.com/detecting-malicious-use-of-net-part-2/
  47. SilkETW: https://github.com/mandiant/SilkETW
  48. Seatbelt: https://github.com/GhostPack/Seatbelt
  49. ConfuserEx: https://github.com/mkaring/ConfuserEx
  50. Bypass ETW by neutering the EtwEventWrite API: https://whiteknightlabs.com/2021/12/11/bypassing-etw-for-fun-and-profit/
  51. Patch EtwEventWrite API: https://blog.xpnsec.com/hiding-your-dotnet-etw/
  52. TamperETW: https://github.com/outflanknl/TamperETW
  53. Evade ETW and AMSI: https://pre.empt.blog/2023/maelstrom-6-working-with-amsi-and-etw-for-red-and-blue
  54. Tampering with ETW: https://blog.palantir.com/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
You have been reading a chapter from
Pentesting Active Directory and Windows-based Infrastructure
Published in: Nov 2023
Publisher: Packt
ISBN-13: 9781804611364
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image