List of Awesome Red Team / Red Teaming Resources
This list is for anyone who wants to learn about Red Teaming but does not have a starting point.
It is a living resource and will be updated regularly with the latest adversarial tactics and techniques.
You can help by sending pull requests to add more information.
- Social Engineering
- OSINT
- Delivery
- Implant Creation
- Lateral movement
- Command and Control
- Embedded and Peripheral Devices Hacking
- Misc
- Ebooks
- Training
- Certification
Social Engineering
- Social Engineer Portal
- 7 Best Social Engineering Attacks
- Using Social Engineering Tactics For Big Data Espionage - RSA Conference Europe 2012
- Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter - Defcon 23
- OWASP Presentation of Social Engineering - OWASP
- USB Drop Attacks: The Danger of “Lost And Found” Thumb Drives
- PyPhishing Toolkit
- Best Time to send email
OSINT
- Awesome list of OSINT - A lot of awesome OSINT resources are already covered
- Reconnaissance using LinkedInt
Delivery
- Cobalt Strike - Spear Phishing documentation
- Cobalt Strike Blog - What's the go-to phishing technique or exploit?
- Spear phishing with Cobalt Strike - Raphael Mudge
- Phishing Against Protected View
- VEIL-EVASION AES ENCRYPTED HTTPKEY REQUEST: SAND-BOX EVASION
- EGRESSING BLUECOAT WITH COBALTSTRIKE & LET'S ENCRYPT
- EMAIL RECONNAISSANCE AND PHISHING TEMPLATE GENERATION MADE SIMPLE
- An unnecessary addiction to DNS communication
- POWERSHELL EMPIRE STAGERS 1: PHISHING WITH AN OFFICE MACRO AND EVADING AVS
- Phishing with PowerPoint
- PHISHING WITH EMPIRE
- Empire & Tool Diversity: Integration is Key
- Phishing for access
Implant Creation
- Exploiting CVE-2017-0199: HTA Handler Vulnerability
- CVE-2017-0199 Toolkit
- CVE-2017-8759-Exploit-sample
- Windows Signed Binary
- Wepwnise
- Bash Bunny
- Generate Macro - Tool
- How To: Empire’s Cross Platform Office Macro
- Excel macros with PowerShell
- PowerPoint and Custom Actions
- MS Signed mimikatz in just 3 steps
- Hiding your process from sysinternals
- Luckystrike: An Evil Office Document Generator
- The Absurdly Underestimated Dangers of CSV Injection
- Macro-less Code Exec in MSWord
- Multi-Platform Macro Phishing Payloads
- Macroless DOC malware that avoids detection with Yara rule
- Empire without powershell
- Powershell without Powershell to bypass app whitelist
- Phishing between the app whitelists
- Bypass Application Whitelisting Script Protections - Regsvr32.exe & COM Scriptlets (.sct files)
- Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations
- Windows oneliners to download remote payload and execute arbitrary code
- Week of Evading Microsoft ATA - Announcement and Day 1 to Day 5
- AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
- USING A SCF FILE TO GATHER HASHES
- USING THE DDE ATTACK WITH POWERSHELL EMPIRE
- AVSignSeek
- Keying Payloads for Scripting Languages
- Executing Metasploit & Empire Payloads from MS Office Document Properties (part 1 of 2)
- Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2)
- Microsoft Office – NTLM Hashes via Frameset
Lateral movement
- Eventvwr File-less UAC Bypass CNA
- Lateral movement using excel application and dcom
- WSH Injection: A Case Study
- Fileless UAC Bypass using sdclt
- Bypassing AMSI via COM Server Hijacking
- Windows 10 Device Guard Bypass
- My First Go with BloodHound
- OPSEC Considerations for beacon commands
- Agentless Post Exploitation
- Windows Access Tokens and Alternate credentials
- PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
- Lay of the Land with BloodHound
- Bringing the hashes home with reGeorg & Empire
- Intercepting passwords with Empire and winning
- Outlook Home Page – Another Ruler Vector
- Outlook Forms and Shells
- Windows Privilege Escalation Checklist
- A Guide to Configuring Throwback
- Abusing DNSAdmins privilege for escalation in Active Directory
- Using SQL Server for attacking a Forest Trust
- Extending BloodHound for Red Teamers
- Pass hash pass ticket no pain
Command and Control
- How to Build a C2 Infrastructure with Digital Ocean – Part 1
- Infrastructure for Ongoing Red Team Operations
- Automated Red Team Infrastructure Deployment with Terraform - Part 1
- 6 RED TEAM INFRASTRUCTURE TIPS
- Red Teaming for Pacific Rim CCDC 2017
- How I Prepared to Red Team at PRCCDC 2015
- Red Teaming for Pacific Rim CCDC 2016
- Randomized Malleable C2 Profiles Made Easy
- Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite - Jeff Dimmock
- High-reputation Redirectors and Domain Fronting
- TOR Fronting – Utilising Hidden Services for Privacy
- Domain Fronting Via Cloudfront Alternate Domains
- The PlugBot: Hardware Botnet Research Project
- Attack Infrastructure Log Aggregation and Monitoring
- Finding Frontable Domain
- Apache2Mod Rewrite Setup
- Empire Domain Fronting
- Domain Hunter
- Migrating Your infrastructure
- Redirecting Cobalt Strike DNS Beacons
- Finding Domain frontable Azure domains - thoth / Fionnbharr (@a_profligate)
- Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike
- Escape and Evasion Egressing Restricted Networks - Tom Steele and Chris Patten
- Command and Control Using Active Directory
- C2 with twitter
- C2 with DNS
- ICMP C2
- C2 with Dropbox
- C2 with https
- C2 with webdav
- C2 with gmail
- “Tasking” Office 365 for Cobalt Strike C2
- Simple domain fronting PoC with GAE C2 server
- Using WebDAV features as a covert channel
- Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
- InternetExplorer.Application for C2
- C2 WebSocket
- C2 WMI
- C2 Website
Embedded and Peripheral Devices Hacking
- Getting in with the Proxmark3 & ProxBrute
- Practical Guide to RFID Badge copying
- Contents of a Physical Pentester Backpack
- MagSpoof - credit card/magstripe spoofer
- Wireless Keyboard Sniffer
- RFID Hacking with The Proxmark 3
- Swiss Army Knife for RFID
- Exploring NFC Attack Surface
- Outsmarting smartcards
- Reverse engineering HID iClass Master keys
- Android Open Pwn Project (AOPP)
Misc
- Red Tips of Vysec
- Cobalt Strike Tips for 2016 CCDC Red Teams
- Models for Red Team Operations
- Planning a Red Team exercise
- Raphael Mudge - Dirty Red Team tricks
Ebooks
- Next Generation Red Teaming
- Targeted Cyber Attack
- Advanced Penetration Testing: Hacking the World's Most Secure Networks
- Social Engineer's Playbook: Practical Pretexting