Certified Red Team Professional (CRTP) - Notes

0 - Course Summary

Topics

  1. Active Directory (AD)

  2. PowerShell

  3. AD Enumeration

  4. Trust and Privileges Mapping

  5. Local Privilege Escalation

  6. Lateral Movement

  7. Persistence

  8. Detection and Defense

Scope of Lab

Subnet range (only on course lab) -> 172.16.1.0/24 - 172.16.17.0/24

Everything else is not in scope.

PowerShell

PowerShell provides access to almost everything on a Windows platform and in an Active Directory environment.

It is based on the .NET Framework and is integrated with the Windows OS.

We'll use it to interpret attacker methodologies and run powerful scripts.

Resources

  • Active Directory Domain Services Overview (Microsoft Docs)

❗ Disclaimer

Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!❗