Here are my notes for Zero Point Security’s Red Team Ops (RTO) course. Note that many notes linked below may have been combined with notes from other sources.

Messy notes alert

Currently my notes (especially attack vectors) aren’t organized in a very hierarchical manner. While this makes note-taking easy, it tends to also make locating what I need a pain. I’m thinking of building a better map of content later, along with a better tagging system.

  • Cite this note as source in all notes referenced below.

  1. Getting Started
  2. Cobalt Strike & C2
  3. External Reconnaissance
  4. Initial Compromise
  5. Host Reconnaissance
  6. Host Persistence
  7. Host Privilege Escalation
  8. Elevated Host Persistence
  9. Credential Theft
  10. Common Password Attacks
  11. Domain Reconnaissance
  12. User Impersonation
  13. Lateral Movement (to-do)
  14. Session Passing (to-do)
  15. Pivoting (to-do)
  16. Data Protection API
  17. Kerberos
  18. Active Directory Certificate Services
  19. Group Policy (to-do)
  20. MS SQL Servers
  21. Microsoft Configuration Manager (to-do)
  22. Domain Dominance
  23. Trusts
  24. Local Administrator Password Solution
  25. Microsoft Defender Antivirus (to-do)
  26. Application Whitelisting (to-do)
  27. Data Hunting & Exfiltration (to-do)
  28. Extending Cobalt Strike (to-do)
  29. Exam Preparation (to-do)