🥷
Red
  • 🟥Overview
  • 📚Education
    • 🧐Guides
    • 🏋️Training
    • 📕Books
    • 🥳Conventions
    • 📰News
    • 🗝️Physical Tools
    • 🗣️Podcasts
    • 📹YT Channels
  • Setup
    • ctf setup
    • Exploitation Frameworks
    • Learning Offense
    • rando
  • ⭕Attacker Lifecycle
    • Steps
      • Engagement
      • 🔬Recon
        • OSINT
        • Active Recon / footprinting
      • 👀Initial Access
        • Exploit
          • SMB
        • Internal Recon
        • Linux Custom Enum Script
        • enumerate Script
        • Windows Privilege Escalation
      • 🧞Privilege Escalation
        • Ways To Privelege Escalate
      • Data Exfil
        • Data Exfil 1
      • Reporting
  • Bug Bounty
    • Bug Bounty Sites
    • OWASP Top 10
      • Injection
      • Broken Authentication
      • Sensitive Data Exposure
      • XML External Entities (XXE)
      • Broken Access Control
      • Security Misconfigurations
      • Cross-Site Scripting (XSS)
      • Insecure Deserialization
      • Using Components with Known Vulnerabilities
      • Insufficient Logging and Monitoring
Powered by GitBook
On this page
  1. Setup

rando

PreviousLearning OffenseNextSteps

Last updated 1 year ago

PS> netsh int ipv4 show int

chris greer

John hammond - registry fileless persistence

HKCU - run/runonce on 64 & 32

HKLM - run/runonce on 64 & 32

In sysmon update sysmon every hour

Dll is unhooked when whisper is used

`Iconv -t UTF-16LE` makes encoding like windows

Encoding - data integrity

Payload

Stageless(s) is huge

Staged is small

Port protocol host

80 HTTP 192.168.100.1

Not many files on system are within last year

Look for file before 2019 - there are alot

Check wef, user group

Ran in memory

Cr.dll crjit.dll explorer.exe

.net framework - svchost

- use for cyber/internal fury

Look for imp hash that looks up malicious family

What the function calls are related to

Can you verify with cobalt strike what kind of keyboard

Register, /var/log - where usb is saved

Powershell profiles

Comm hijacking

BITS - background intelligence transfer server

LogoGitHub - mandiant/SharPersistGitHub
LogoSecurity. Automation. Analytics.STRONTIC
LogoGitHub - GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.GitHub