Hands-On Red Team Tactics

By : Himanshu Sharma, Harpreet Singh

Hands-On Red Team Tactics

By: Himanshu Sharma, Harpreet Singh

Overview of this book

Red Teaming is used to enhance security by performing simulated attacks on an organization in order to detect network and system vulnerabilities. Hands-On Red Team Tactics starts with an overview of pentesting and Red Teaming, before giving you an introduction to few of the latest pentesting tools. We will then move on to exploring Metasploit and getting to grips with Armitage. Once you have studied the fundamentals, you will learn how to use Cobalt Strike and how to set up its team server. The book introduces some common lesser known techniques for pivoting and how to pivot over SSH, before using Cobalt Strike to pivot. This comprehensive guide demonstrates advanced methods of post-exploitation using Cobalt Strike and introduces you to Command and Control (C2) servers and redirectors. All this will help you achieve persistence using beacons and data exfiltration, and will also give you the chance to run through the methodology to use Red Team activity tools such as Empire during a Red Team activity on Active Directory and Domain Controller. In addition to this, you will explore maintaining persistent access, staying untraceable, and getting reverse connections over different C2 covert channels. By the end of this book, you will have learned about advanced penetration testing tools, techniques to get reverse shells over encrypted channels, and processes for post-exploitation.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Disclaimer

Free Chapter

Red-Teaming and Pentesting

Summary

Pentesting 2018

Technical requirements

MSFvenom Payload Creator

Koadic

Summary

Questions

Further reading

Foreplay - Metasploit Basics

Technical requirements

Installing Metasploit

Running Metasploit

Armitage and team server

Metasploit with slack

Armitage and Cortana scripts

Summary

Questions

Further reading

Getting Started with Cobalt Strike

Technical requirements

Planning a red-team exercise

Introduction to Cobalt Strike

Cobalt Strike setup

Cobalt Strike interface

Customizing the team server

Summary

Questions

Further reading

./ReverseShell

Technical requirement

Introduction to reverse connections

Introduction to reverse shell connections

Summary

Questions

Further reading

Pivoting

Technical requirements

Pivoting via SSH

Meterpreter port forwarding

Pivoting via Armitage

Multi-level pivoting

Summary

Further reading

Age of Empire - The Beginning

Technical requirements

Introduction to Empire

Empire setup and installation

Empire fundamentals

Empire post exploitation for Windows

Empire post exploitation for Linux

Empire post exploitation for OSX

Popping up a Meterpreter session using Empire

Slack notification for Empire agents

Summary

Questions

Further reading

Age of Empire - Owning Domain Controllers

Getting into a Domain Controller using Empire

Automating Active Directory exploitation using the DeathStar

Empire GUI

Summary

Questions

Further reading

Cobalt Strike - Red Team Operations

Technical requirements

Cobalt Strike listeners

Cobalt Strike payloads

Beacons

Pivoting through Cobalt Strike

Aggressor Scripts

Summary

Questions

Further reading

C2 - Master of Puppets

Technical requirements

Introduction to C2

Cloud-based file sharing using C2

C2 covert channels

Summary

Questions

Further reading

Obfuscating C2s - Introducing Redirectors

Technical requirements

Introduction to redirectors

Obfuscating C2 securely

Short-term and long-term redirectors

Summary

Achieving Persistence

Technical requirements

Persistence via Armitage

Persistence via Empire

Persistence via Cobalt Strike

Summary

Further reading

Data Exfiltration

Technical requirements

Exfiltration basics

CloakifyFactory

Data exfiltration via DNS

Data exfiltration via Empire

Summary

Questions

Further reading

Assessment

Chapter 1: Red-Teaming and Pentesting

Chapter 2: Pentesting 2018

Chapter 3: Foreplay – Metasploit Basics

Chapter 4: Getting Started with Cobalt Strike

Chapter 5: ./ReverseShell

Chapter 7: Age of Empire – The Beginning

Chapter 8: Age of Empire – Owning Domain Controllers

Chapter 9: Cobalt Strike – Red Team Operations

Chapter 10: C2 – Master of Puppets

Chapter 11: Obfuscating C2s – Introducing Redirectors

Chapter 13: Data Exfiltration

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Persistence via Empire

Empire has a lot of inbuilt modules that allow us to use persistence on a system while performing a red team activity. These modules are divided into four main areas:

PowerBreach: This is a series of in-memory PowerShell backdoors that provide triggers for various options
userland: These are backdoors that execute on reboot without needing admin rights
elevated: These are backdoors that execute on reboot with admin rights
debugger triggers: These are backdoors that execute on a particular trigger (an example of this is sticky keys)

In this section, we will cover some of the modules for Linux, Windows, and macOS systems.

For Windows:

Assuming we have an agent connected on our empire from a Windows Machine:

To view a list of available persistence modules, we interact with agents using the interact <agent name> command.

Next, to view the available...

Hands-On Red Team Tactics

By : Himanshu Sharma, Harpreet Singh

Hands-On Red Team Tactics

By: Himanshu Sharma, Harpreet Singh

Overview of this book

Related Content you might be interested in

Current Title:

Hands-On Red Team Tactics

Kali Linux - An Ethical Hacker's Cookbook

Hands-On Web Penetration Testing with Metasploit

Metasploit 5.0 for Beginners