Posts

AD CS "Certified Pre-Owned" Cheatsheet

Abusing Active Directory Certificate Services — Commands, Techniques & Defences
Based on the whitepaper by Will Schroeder & Lee Christensen (SpecterOps) · v1.0.1
THEFT1–5 · PERSIST1–3 · ESC1–8 · DPERSIST1–3 · PREVENT1–8 · DETECT1–7

Table of Contents
Background & Key Concepts
Authentication EKU OIDs
Certificate Enrollment Methods
AD CS Enumeration
Certificate Theft (THEFT1–5)
Account Persistence (PERSIST1–3)
Domain Escalation (ESC1–8)
Domain Persistence (DPERSIST1–3)
Defensive Guidance (PREVENT & DETECT)
Tool Reference

1. Background & Key Concepts

Active Directory Certificate Services (AD CS) is Microsoft's PKI implementation that integrates with Active Directory forests. It provides encryption, digital signatures, and — critically — user and machine authentication to AD. Although not installed by d...

Red Team Infrastructure: The Full Picture — From Domain to Beacon

Contents
Introduction
Architecture Overview
Infrastructure Segmentation
Phase 1 — Domains
  Domain Aging
  Categorization
  DNS Configuration
Phase 2 — Terraform
  Components
  Terraform Code
Phase 3 — C2 Framework
  Choosing a C2
  Listener Types
Phase 4 — Redirector
  Nginx Setup
  TLS
  OPSEC
Phase 5 — Hardening
  Layer 1: User-Agent
  Layer 2: Header
  Layer 3: URI
  Layer 4: IP Block
Phase 6 — CDN Relays
  Azure CDN
  Cloudflare
Phase 7 — Serverless
Phase 8 — Tunnels
Phase 9 — Phishing
  Mail Server
  Evilginx + GoPhish
Phase 10 — Malleable C2
Phase 11 — OPSEC
Tools Reference
References

A step-by-step, production-grade guide covering every layer of modern red team infrastructure — from domain selection and Terraform automation to C2 frameworks, CDN relays, phishing servers, ...