Alex.exe Posted November 5, 2022

Share your favorite tools and techniques for Red Teaming!
jubjub Posted November 6, 2022

Idk how common this is, but if you have a data structure, header or unique error message when probing a closed-source service, sometimes you can find Stack Overflow threads describing what you're looking at just by searching for the format or message.
Graham Posted November 6, 2022

One tip that I love is that if you are able to compromise (or spoof) the IP of the vulnerability scanner, you will likely bypass all detections. If an analyst does see your scanning, they'll see it's coming from the vulnerability scanner and instantly close it as a false positive. 🙂
gnugro Posted November 8, 2022

I do adversary emulation and have a system with multiple IPs to randomize the attacker IP(s) when creating training scenarios. For apps that don't have an option to use a specific interface or IP, I use firejail. https://github.com/netblue30/firejail
0xRokkr Posted November 8, 2022

I was participating in a competition this past weekend as a red teamer and we made use of autovnet (https://gitlab.com/autovtools/autovrtfm/autovnet), and the red team leadership was very pleased with its performance.
gnugro Posted November 8, 2022

> 1 hour ago, 0xRokkr said: I was participating in a competition this past weekend as a red teamer and we made use of autovnet (https://gitlab.com/autovtools/autovrtfm/autovnet) and the red team leadership was very pleased with its performance.

THIS IS STELLAR! Thank you for this reference!!
malware_marty Posted November 14, 2022

I've been on the blue team side of red teams using the authentication relay / Resource-Based Constrained Delegation (RBCD) escalation path and have been captivated by it lately.

https://github.com/topotam/PetitPotam
https://posts.specterops.io/a-case-study-in-wagging-the-dog-computer-takeover-2bcb7f94c783
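From the blue-team side of the relay / RBCD path mentioned above, here is an added example (not from any poster or from the linked projects) that triages Windows Security event 5136 (directory object modified) for writes to the RBCD attribute msDS-AllowedToActOnBehalfOfOtherIdentity. The DOMAIN names, the svc-delegation-admin allowlist entry and the sample events are constructed assumptions; the distinguishing signal is a computer account writing its own RBCD entry, which is what a coerced-authentication relay to LDAP produces.

```python
# Added example: flag suspicious RBCD writes in Windows event 5136 records.
from dataclasses import dataclass

RBCD_ATTR = "msDS-AllowedToActOnBehalfOfOtherIdentity"
# Hypothetical allowlist of accounts expected to configure delegation.
DELEGATION_ADMINS = {"CORP\\svc-delegation-admin"}


@dataclass
class DsChange:
    subject: str      # SubjectDomainName\SubjectUserName from the 5136 event
    object_dn: str    # ObjectDN of the modified directory object
    attribute: str    # AttributeLDAPDisplayName
    operation: str    # OperationType rendered as "Value Added" / "Value Deleted"


def _cn(dn):
    """Leaf CN of a DN: 'CN=FILESRV01,CN=Computers,DC=corp,DC=local' -> 'FILESRV01'."""
    return dn.split(",", 1)[0].split("=", 1)[1].upper()


def _sam(subject):
    """'CORP\\FILESRV01$' -> 'FILESRV01' (drop domain prefix and machine '$')."""
    return subject.rsplit("\\", 1)[-1].rstrip("$").upper()


def assess(change):
    """Return reasons this 5136 event looks like RBCD abuse; [] means no finding."""
    if change.attribute != RBCD_ATTR or change.subject in DELEGATION_ADMINS:
        return []
    is_machine = change.subject.endswith("$")
    if change.operation == "Value Added":
        if is_machine and _sam(change.subject) == _cn(change.object_dn):
            # The machine itself wrote its own RBCD entry: relayed auth to LDAP.
            return ["computer account wrote its own RBCD attribute (relay pattern)"]
        if is_machine:
            return ["machine account wrote RBCD attribute on another object"]
        return ["non-admin user wrote RBCD attribute"]
    return ["RBCD attribute cleared by non-admin (possible cleanup)"]


def scan(changes):
    """Return (subject, object_dn, reasons) for every flagged change."""
    return [(c.subject, c.object_dn, r) for c in changes if (r := assess(c))]


# Constructed sample events (not real logs).
SAMPLE = [
    DsChange("CORP\\svc-delegation-admin", "CN=WEB01,CN=Computers,DC=corp,DC=local", RBCD_ATTR, "Value Added"),
    DsChange("CORP\\FILESRV01$", "CN=FILESRV01,CN=Computers,DC=corp,DC=local", RBCD_ATTR, "Value Added"),
    DsChange("CORP\\jdoe", "CN=DC01,OU=Domain Controllers,DC=corp,DC=local", RBCD_ATTR, "Value Added"),
    DsChange("CORP\\jdoe", "CN=DC01,OU=Domain Controllers,DC=corp,DC=local", "description", "Value Added"),
]
```

Auditing 5136 for this attribute requires a SACL on computer objects that logs Write Property; without it the events are never generated.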
Sh0ckFR Posted November 17, 2022

I think the best tools are:

https://getgophish.com/ for the phishing phase
A C2.
A good C2 loader.
https://github.com/BloodHoundAD/BloodHound and https://github.com/BloodHoundAD/SharpHound for Active Directory mapping (only if necessary)
https://github.com/SecureAuthCorp/impacket for the lateral movements
https://github.com/outflanknl/Dumpert for the lsass dumps, or https://github.com/codewhitesec/HandleKatz
And PetitPotam, and other tools like that for relay.