Question

6.5. 参考链接

6.5.1. Windows

• Windows 威胁防护
• 文件寄生 NTFS文件流实际应用
• Windows中常见后门持久化方法总结
• LOLBAS
• 渗透技巧——Windows单条日志的删除
• windows取证 文件执行记录的获取和清除
• Getting DNS Client Cached Entries with CIM/WMI
• Windows单机Persistence
• Dumping RDP Credentials

6.5.1.1. 域渗透

• 绕过域账户登录失败次数的限制
• 域渗透总结
• got domain admin on internal network
• Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques <http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating%20Pass-the-Hash%20(PtH)%20Attacks%20and%20Other%20Credential%20Theft%20Techniques_English.pdf>`_
• 域渗透学习笔记
• QOMPLX Knowledge: Fundamentals of Active Directory Trust Relationships
• Kerberos的黄金票据详解
• DCShadow explained: A technical deep dive into the latest AD attack technique
• Active Directory Security
• Kerberos AD Attacks Kerberoasting
• Kerberos之域内委派攻击
• adsec An introduction to Active Directory security
• Attacking Active Directory
• Certified Pre-Owned Abusing Active Directory Certificate Services
• Microsoft Advanced Threat Analytics

6.5.1.2. 权限提升

• Windows内网渗透提权
• UACMe Defeating Windows User Account Control

6.5.1.3. 协议

• DEC/RPC
• The dark side of Microsoft Remote Procedure Call protocols

6.5.2. RedTeam

• RedTeamManual

6.5.3. 内网

• 内网安全检查
• 我所知道的内网渗透
• 从零开始内网渗透学习
• 渗透技巧 从Github下载安装文件
• An introduction to privileged file operation abuse on Windows
• 脚本维权tips

6.5.4. Cobalt Strike

• Cobalt Strike 系列笔记
• 渗透利器Cobalt Strike 第2篇 APT级的全面免杀与企业纵深防御体系的对抗