Blog Posts and Goodies

A collection of blog posts & goodies that I have found useful and continue to reference.

Blogs
​ADSecurity - Tons of red teaming and active directory resources
​BadSectorLabs - Updated weekly with attack techniques and tooling
​Mubix - Mubix's blog. Details attacks and research
​SpecterOps - Specter Op's blog. New research and detailed exploitation
​BishopFox - Bishop Fox's blog has tons of different resources! Topics such as red teaming, breaking into the industry, etc.
​TrustedSec - TrustedSec's blog. One of my favorites, tons of good information here
​BlackHillsInfoSec - Blackhills' blog. Lots of different attacks and techniques detailed here
​mr.d0x - Causal Red Team & Security Research Notes from mr.d0x
Blog Posts
​Lateral_Movement_Tips_and_Tricks​
​Attack_Methods_for_Gaining_Domain_Adin_Rights_in_Active_Directory​
​Practical_Usage_of_NTLM_Hashes​
​Mitigations_for_LSA_Credential_Exposure​
​Red_+Blue=_Purple​
​SMI_Protocol_and_why_Nessus_is_wrong​
​Internal_Pivot_Network_Enumeration_&_Lateral_Movement​
​EyeWitness_and_why_it_Rocks​
​Attack_Microsoft_Exchange_Web_Interface​
​GoPhish_with_SendGrid​
​Finding_Buried_Treasure_in_Server_Message_Block​
​Top_Five_Ways_I_Got_Domain_Admin​
​A_Complete_Guide_to_Perform_External_Penetration_Testing​
​How_I_Learned_to_Love_AD_Explorer​
​NTLM_Relaying_via_Cobalt_Strike​
​NTLM_Relaying_to_AD_CS​
​Phish_for_User_Passwords_with_PowerShell​
​Pushing_Your_Way_In​
​Password_Spraying_Outlook_Web_Access​
​Practical_Guide_to_NTLM_Relaying​
​Finding_Buried_Treasure_in_SMB​
​Tips_for_Pentesting_a_PCI_Environment​
​Top_16_Active_Directory_Vulnerabilities​
​Post_Exploitation_Windows_commands​
​Shadow_Credentials_Workstation_Takeover_Edition​
​Hiding_Behind_the_Front_door​
​Attacking_Active_Directory:_0_to_0.9​
​Windows_Lateral_Movement_with_SMB_Psexec_and_Alternatives​
​Web_Shells_101_Using_PHP​
Checklists
​A_Primer_on_DCSync_Attack_and_Detection​
Mindmaps
​Internal_Network_Pentest_Mindmap​
Quick References
​Dumping_and_Cracking_mscash​
​Force_NTLM_Privileged_Authentication​
Tool Lists
​Al1ex Pentest Tools​
Wikis
​Vincent_Yiu_Red_Team_Tips​
​HackTricks​
​LOLBAS​
​GTFOBins​
​WadComs​
​iRedTeam​
​Pentest_Wikipedia​
​Active_Directory_Exploitation_Cheatsheet​
​Book_of_Secret_Knowledge​
​PayloadAllTheThings​
​Penetration_Testing_Framework​
​Windows_Priv_Esc_Guide​
​Attacking_and_Securing_Active_Directory​
​The_Hacker_Recipes​
Methodologies
​PenTest_Methodology_2020​
​PenTesters_Promiscuous_Notebook​
​Internal_Pentest_Playbook​
​Pentest_Compilation​
​Pentest-Guide​

Red Teaming - Previous

Offensive Tactics

Next - Resources

Checklists

Last modified 6mo ago