# Blog Posts and Goodies

## Blogs

* [ADSecurity](https://adsecurity.org) - Tons of red teaming and active directory resources
* [BadSectorLabs](https://blog.badsectorlabs.com) - Updated weekly with attack techniques and tooling
* [Mubix](https://malicious.link/post/) - Mubix's blog. Details attacks and research
* [SpecterOps](https://posts.specterops.io) - SpecterOps' blog. New research and detailed exploitation
* [BishopFox](https://labs.bishopfox.com/home) - Bishop Fox's blog has tons of different resources! Topics such as red teaming, breaking into the industry, etc.
* [TrustedSec](https://www.trustedsec.com/blog/) - TrustedSec's blog. One of my favorites, tons of good information here
* [BlackHillsInfoSec](https://www.blackhillsinfosec.com/blog/) - Blackhills' blog. Lots of different attacks and techniques detailed here
* [mr.d0x](https://mrd0x.com) - Casual Red Team & Security Research Notes from mr.d0x

## Blog Posts

* [Lateral\_Movement\_Tips\_and\_Tricks](https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/)
* [Attack\_Methods\_for\_Gaining\_Domain\_Admin\_Rights\_in\_Active\_Directory](https://adsecurity.org/?p=2362)
* [Practical\_Usage\_of\_NTLM\_Hashes](https://blog.ropnop.com/practical-usage-of-ntlm-hashes/)
* [Mitigations\_for\_LSA\_Credential\_Exposure](https://thedefensedude.com/2016/07/19/mitigations-for-lsa-credential-exposure-part-1-plain-text-passwords/amp/)
* [Red\_+\_Blue\_=\_Purple](https://www.blackhillsinfosec.com/red-blue-purple/)
* [SMI\_Protocol\_and\_why\_Nessus\_is\_wrong](https://laconicwolf.com/2018/04/04/smi-protocol-nessus-wrong/)
* [Internal\_Pivot\_Network\_Enumeration\_&\_Lateral\_Movement](https://www.blackhillsinfosec.com/internal-pivot-network-enumeration-lateral-movement/)
* [EyeWitness\_and\_why\_it\_Rocks](https://www.blackhillsinfosec.com/eyewitness-and-why-it-rocks/)
* [Attack\_Microsoft\_Exchange\_Web\_Interface](https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/)
* [GoPhish\_with\_SendGrid](https://medium.com/@orhan_yildirim/gophish-open-source-phishing-framework-fe4662e60721)
* [Finding\_Buried\_Treasure\_in\_Server\_Message\_Block](https://www.blackhillsinfosec.com/finding-buried-treasure-in-server-message-block-smb/)
* [Top\_Five\_Ways\_I\_Got\_Domain\_Admin](https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa)
* [A\_Complete\_Guide\_to\_Perform\_External\_Penetration\_Testing](https://gbhackers.com/external-penetration-testing)
* [How\_I\_Learned\_to\_Love\_AD\_Explorer](https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer/)
* [NTLM\_Relaying\_via\_Cobalt\_Strike](https://rastamouse.me/ntlm-relaying-via-cobalt-strike/)
* [NTLM\_Relaying\_to\_AD\_CS](https://dirkjanm.io/ntlm-relaying-to-ad-certificate-services/)
* [Phish\_for\_User\_Passwords\_with\_PowerShell](https://www.blackhillsinfosec.com/how-to-phish-for-user-passwords-with-powershell/)
* [Pushing\_Your\_Way\_In](https://www.blackhillsinfosec.com/pushing-your-way-in/)
* [Password\_Spraying\_Outlook\_Web\_Access](https://www.blackhillsinfosec.com/password-spraying-outlook-web-access-how-to-gain-access-to-domain-credentials-without-being-on-a-targets-network-part-2/)
* [Practical\_Guide\_to\_NTLM\_Relaying](https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html)
* [Finding\_Buried\_Treasure\_in\_SMB](https://www.blackhillsinfosec.com/finding-buried-treasure-in-server-message-block-smb/)
* [Tips\_for\_Pentesting\_a\_PCI\_Environment](https://secureideas.com/blog/2018/08/tips-for-penetration-testing-a-pci-environment.html)
* [Top\_16\_Active\_Directory\_Vulnerabilities](https://www.infosecmatter.com/top-16-active-directory-vulnerabilities/#12-weak-domain-password-policy)
* [Post\_Exploitation\_Windows\_commands](https://int0x33.medium.com/day-26-the-complete-list-of-windows-post-exploitation-commands-no-powershell-999b5433b61e)
* [Shadow\_Credentials\_Workstation\_Takeover\_Edition](https://www.fortalicesolutions.com/posts/shadow-credentials-workstation-takeover-edition)
* [Hiding\_Behind\_the\_Front\_door](https://www.fortalicesolutions.com/posts/hiding-behind-the-front-door-with-azure-domain-fronting)
* [Attacking\_Active\_Directory:\_0\_to\_0.9](https://zer1t0.gitlab.io/posts/attacking_ad/)
* [Windows\_Lateral\_Movement\_with\_SMB\_Psexec\_and\_Alternatives](https://nv2lt.github.io/windows/smb-psexec-smbexec-winexe-how-to/)
* [Web\_Shells\_101\_Using\_PHP](https://www.acunetix.com/blog/articles/web-shells-101-using-php-introduction-web-shells-part-2/)

## Checklists

* [A\_Primer\_on\_DCSync\_Attack\_and\_Detection](https://www.alteredsecurity.com/post/a-primer-on-dcsync-attack-and-detection)

## Mindmaps

* [Internal\_Network\_Pentest\_Mindmap](https://github.com/sdcampbell/Internal-Network-Pentest-MindMap)

## Quick References

* [Dumping\_and\_Cracking\_mscash](https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-and-cracking-mscash-cached-domain-credentials)
* [Force\_NTLM\_Privileged\_Authentication](https://book.hacktricks.xyz/windows/active-directory-methodology/printers-spooler-service-abuse)

## Tool Lists

* [Al1ex Pentest Tools](https://github.com/Al1ex/Pentest-tools)

## Wikis

* [Vincent\_Yiu\_Red\_Team\_Tips](https://www.vincentyiu.com/red-team-tips/)
* [HackTricks](https://book.hacktricks.xyz)
* [LOLBAS](https://lolbas-project.github.io)
* [GTFOBins](https://gtfobins.github.io)
* [WadComs](https://wadcoms.github.io)
* [iRedTeam](https://www.ired.team)
* [Pentest\_Wikipedia](https://github.com/nixawk/pentest-wiki)
* [Active\_Directory\_Exploitation\_Cheatsheet](https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet)
* [Book\_of\_Secret\_Knowledge](https://github.com/trimstray/the-book-of-secret-knowledge)
* [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
* [Penetration\_Testing\_Framework](http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)
* [Windows\_Priv\_Esc\_Guide](https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/)
* [Attacking\_and\_Securing\_Active\_Directory](https://rmusser.net/docs/Active_Directory.html#adcred)
* [The\_Hacker\_Recipes](https://www.thehacker.recipes)

## Methodologies

* [PenTest\_Methodology\_2020](https://github.com/botesjuan/PenTestMethodology2020)
* [PenTesters\_Promiscuous\_Notebook](https://ppn.snovvcrash.rocks)
* [Internal\_Pentest\_Playbook](https://github.com/sdcampbell/Internal-Pentest-Playbook)
* [Pentest\_Compilation](https://github.com/adon90/pentest_compilation)
* [Pentest-Guide](https://github.com/Voorivex/pentest-guide)
