Red Team Operation
- Level: Expert
- Track: Red Team
- 10 lessons
Course name: Red Team Operation
About this course
Who is this course recommended for?
- Security assessment / penetration testing / red team specialists
- Bug Bounty practitioners
- Cybersecurity consultants
- Infrastructure and data-center security specialists
What knowledge do I need to attend this course?
- Solid grasp of cybersecurity concepts
- Solid grasp of the commonly used TCP/IP protocols
- Solid grasp of network infrastructure concepts
- Familiarity with at least one widely used scripting language, such as Python or PowerShell
- At least two years of work experience in cybersecurity and penetration testing
Course syllabus
- Red Team Philosophy
  - Types of Security Assessments
  - Red Teaming Overview
  - Red Team vs. Blue Team
  - Red Team Assessment Phases
- External Reconnaissance
  - Passive Intelligence Gathering Overview
  - Online Services Recon
  - Gathering Clients Data
  - OSINT
  - Analyzing Initial Data
- Initial Compromise
  - Password Spraying
  - Exploiting
  - Social Engineering
  - Phishing
  - NTLM and SMB Relay
- Attacking Exchange
  - Exchange Overview
    - Protocols
    - Interesting Functions/Components
      - Autodiscover
      - Global Address List
      - Outlook Rules
      - Outlook Forms
  - Recon & OWA Discovery
  - Naming Schema Fuzzing
  - Username Enumeration (Timing attack)
  - Password Spraying
  - GAL Extraction
  - Bypassing 2 Factor Authentication
  - Identifying Sensitive Data inside Mailboxes Using PowerShell
  - Search mailboxes for credentials/sensitive data
  - Outlook Rules
  - Attacking from the inside
  - Misusing Exchange ActiveSync (EAS) to access internal file shares
- Payload Delivery
  - Email Delivery Fundamentals
  - Staged vs stateless payloads
  - Fileless malware
  - Covert Channels
  - Macro Development
  - Defensive evasion
    - AMSI bypasses
    - Application whitelisting bypasses
    - VBA stomping
    - HTML smuggling
    - PPID spoofing
    - Argument confusion
    - Execution decoupling
    - blockdlls
    - EDR Evasion
  - Abusing Other Office Capabilities
  - Other Exploitable File Types
    - CHM Files
    - HTA Files
    - LNK Files
    - IQY Files
    - MSG Files
    - RTF Files
- Post Exploit Activities
  - Internal Recon
  - Pivoting and Tunneling
    - Port Forward
    - Reverse Connection
    - Socks5 over TCP and UDP
    - Tunneling Over PIPE Line
    - Tunneling Over NTLM Negotiation
    - HTTP and HTTPS Tunneling
    - DNS Tunneling
    - ICMP Tunneling
    - NTP Tunneling
  - Man-In-The-Middle (MITM)
  - Password Spraying
  - Local Privilege Escalation
    - Local Password, Hash and Ticket Hunting
    - SMB Listeners
    - Missing Patches
    - Service Abuse
    - Always Install Elevated
    - UAC Bypasses
    - Process Injection
    - Unquoted paths
    - DLL Hijacking
    - GetSystem Techniques
    - Hard Link Attacks
    - Token Impersonation
  - Lateral Movement
    - Remote Command Execution
      - PowerShell Remoting
      - WMI
      - WinRM
      - PsExec
      - DCOM
    - Run PowerShell Scripts without PowerShell
- Attacking Active Directory
  - Active Directory Overview
    - AD Components
    - LDAP
    - Kerberos
    - AD & DNS
    - AD Trusts
  - Enumeration through a Domain Joined Windows Machine
    - Users and Computers Queries
    - Active Directory Sites and Services, OU and other Data
    - Net commands
    - Enumeration through NetBIOS
    - Ping IP Ranges
    - SPN Scanning
  - Identifying Users and Computers that Have Admin Rights
  - Enumeration through a Non-Domain Joined Windows and Linux Machine
  - Traditional AD Attacks
    - Kerberos Based Attacks
      - Golden Ticket
      - Silver Ticket
      - Kerberoast
      - Skeleton key
    - NTDS File
      - Extract Hash and Data from NTDS
    - sysvol
  - Other AD Attacks
    - AD Attacking Tools
      - PowerView
      - BloodHound
    - Privilege Escalation
      - User Hunting
      - Delegation issues
      - DACL and ACEs
    - Advanced Cross-Forest Trust Abuse
    - Credentials Replay Attacks
- Attacking MSSQL Servers
  - MS SQL Server Overview
  - Locating & Accessing SQL Servers
  - Privilege Escalation in SQL Servers
  - Command Execution
  - Parsing and Searching for Sensitive Data
- Attacking WSUS
  - Windows Update Overview
    - WSUS Fundamentals
    - WSUS Architecture
  - Identifying WSUS
  - Unencrypted Communications & Malicious Update injection
  - Leveraging WSUS Interconnectivity
- Persistence
  - Persisting in Client and Server Machines
    - Startup Folder
    - Scheduled Task
    - MOF and WMI Subscriptions
    - Registry
    - Services
    - Driver
  - Persisting in Active Directory
    - DCShadow
    - WMI
    - GPO
    - Domain and Host ACLs
    - DNS
  - Persisting in MS SQL Servers
  - Persisting Using Windows Updates and WSUS
Course certificate
