Book Image

Hands-On Red Team Tactics

By : Himanshu Sharma, Harpreet Singh
Book Image

Hands-On Red Team Tactics

By: Himanshu Sharma, Harpreet Singh

Overview of this book

Red Teaming is used to enhance security by performing simulated attacks on an organization in order to detect network and system vulnerabilities. Hands-On Red Team Tactics starts with an overview of pentesting and Red Teaming, before giving you an introduction to few of the latest pentesting tools. We will then move on to exploring Metasploit and getting to grips with Armitage. Once you have studied the fundamentals, you will learn how to use Cobalt Strike and how to set up its team server. The book introduces some common lesser known techniques for pivoting and how to pivot over SSH, before using Cobalt Strike to pivot. This comprehensive guide demonstrates advanced methods of post-exploitation using Cobalt Strike and introduces you to Command and Control (C2) servers and redirectors. All this will help you achieve persistence using beacons and data exfiltration, and will also give you the chance to run through the methodology to use Red Team activity tools such as Empire during a Red Team activity on Active Directory and Domain Controller. In addition to this, you will explore maintaining persistent access, staying untraceable, and getting reverse connections over different C2 covert channels. By the end of this book, you will have learned about advanced penetration testing tools, techniques to get reverse shells over encrypted channels, and processes for post-exploitation.

Related Content you might be interested in

Current Title:

Small book image
Hands-On Red Team Tactics
Himanshu Sharma | Harpreet Singh
Sep, 2018 | 480 pages
Small book image
Kali Linux - An Ethical Hacker's Cookbook
Himanshu Sharma
Mar, 2019 | 472 pages
Small book image
Hands-On Web Penetration Testing with Metasploit
Harpreet Singh | Himanshu Sharma
May, 2020 | 544 pages
Small book image
Metasploit 5.0 for Beginners
Sagar Rahalkar
Apr, 2020 | 246 pages
Table of Contents (16 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Disclaimer
Free Chapter
1
Red-Teaming and Pentesting
Red-Teaming and Pentesting
Pentesting 101
A different approach
Summary
Questions
Further reading
2
Pentesting 2018
Pentesting 2018
Technical requirements
MSFvenom Payload Creator
Koadic
Summary
Questions
Further reading
3
Foreplay - Metasploit Basics
Foreplay - Metasploit Basics
Technical requirements
Installing Metasploit
Running Metasploit
Armitage and team server
Metasploit with slack
Armitage and Cortana scripts
Summary
Questions
Further reading
4
Getting Started with Cobalt Strike
Getting Started with Cobalt Strike
Technical requirements
Planning a red-team exercise
Introduction to Cobalt Strike
Cobalt Strike setup
Cobalt Strike interface
Customizing the team server
Summary
Questions
Further reading
5
./ReverseShell
./ReverseShell
Technical requirement
Introduction to reverse connections
Introduction to reverse shell connections
Summary
Questions
Further reading
6
Pivoting
Pivoting
Technical requirements
Pivoting via SSH
Meterpreter port forwarding
Pivoting via Armitage
Multi-level pivoting
Summary
Further reading
7
Age of Empire - The Beginning
Age of Empire - The Beginning
Technical requirements
Introduction to Empire
Empire setup and installation
Empire fundamentals
Empire post exploitation for Windows
Empire post exploitation for Linux
Empire post exploitation for OSX
Popping up a Meterpreter session using Empire
Slack notification for Empire agents
Summary
Questions
Further reading
8
Age of Empire - Owning Domain Controllers
Age of Empire - Owning Domain Controllers
Getting into a Domain Controller using Empire
Automating Active Directory exploitation using the DeathStar
Empire GUI
Summary
Questions
Further reading
9
Cobalt Strike - Red Team Operations
Cobalt Strike - Red Team Operations
Technical requirements
Cobalt Strike listeners
Cobalt Strike payloads
Beacons
Pivoting through Cobalt Strike
Aggressor Scripts
Summary
Questions
Further reading
10
C2 - Master of Puppets
C2 - Master of Puppets
Technical requirements
Introduction to C2
Cloud-based file sharing using C2
C2 covert channels
Summary
Questions
Further reading
11
Obfuscating C2s - Introducing Redirectors
Obfuscating C2s - Introducing Redirectors
Technical requirements
Introduction to redirectors
Obfuscating C2 securely
Short-term and long-term redirectors
Redirection methods
Domain fronting
Summary
Questions
Further reading
12
Achieving Persistence
Achieving Persistence
Technical requirements
Persistence via Armitage
Persistence via Empire
Persistence via Cobalt Strike
Summary
Further reading
13
Data Exfiltration
Data Exfiltration
Technical requirements
Exfiltration basics
CloakifyFactory
Data exfiltration via DNS
Data exfiltration via Empire
Summary
Questions
Further reading
14
Assessment
Assessment
Chapter 1: Red-Teaming and Pentesting
Chapter 2: Pentesting 2018
Chapter 3: Foreplay – Metasploit Basics
Chapter 4: Getting Started with Cobalt Strike
Chapter 5: ./ReverseShell
Chapter 7: Age of Empire – The Beginning
Chapter 8: Age of Empire – Owning Domain Controllers
Chapter 9: Cobalt Strike – Red Team Operations
Chapter 10: C2 – Master of Puppets
Chapter 11: Obfuscating C2s – Introducing Redirectors
Chapter 13: Data Exfiltration
15
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

What this book covers

Chapter 1, Red-Teaming and Pentesting, helps you understand about different standards of pentesting followed across the industry, and we went through the seven phases of the PTES standard in detail.

Chapter 2, Pentesting 2018, introduces you to MSF Payload Creator (MSFPC). We will also look at the use of resource files which were generated by MSFPC besides the payload file

Chapter 3, Foreplay – Metasploit Basics, teaches you about team server and the Armitage client, including the setup and usage of Armitage.

Chapter 4, Getting Started with Cobalt Strike, starts by exploring the red-team exercise as well as the concept of the cyber kill chain, which can be used for an attack plan. The chapter then introduces you to Cobalt Strike, the tool that is used for red-team operations.

Chapter 5, ./ReverseShell, explores what a reverse connection and reverse shell connection is using various tools. Furthermore, we will try different payloads to get reverse shell connections using Metasploit.

Chapter 6, Pivoting, dives into port forwarding and its uses. We will also learn about pivoting and its uses, followed by methods of port forwarding via SSH.

Chapter 7, Age of Empire – The beginning, introduces you to Empire and its fundamentals. We will also cover Empire's basic usage and the post exploitation basics for Windows, Linux and OSX.

Chapter 8, Age of Empire – Owning Domain Controllers, delves into some more advanced uses of the Empire tool to get access to the Domain Controller.

Chapter 9, Cobalt Strike – Red Team Operations, teaches you about the listener module of Cobalt Strike along with its type and usage.

Chapter 10, C2 – Master of Puppets, provides an introduction to command and control (C2) servers and discussed how they are used in a red team operation.

Chapter 11, Obfuscate C2s – Introducing Redirectors, introduces you to redirectors and the reason why obfuscating C2s are required. We have also covered how we can obfuscate C2s in a secure manner so that we can protect our C2s from getting detected by the Blue team.

Chapter 12, Achieving Persistence, dives into achieving persistence using Armitage's inbuilt exploit modules, then we will learn how to do the same via Empire on Windows, Linux, and macOS machines.

Chapter 13, Data Exfiltration, discusses about some basic ways of transferring data using simple tools like Netcat, OpenSSL and PowerShell. Next, we jumped into transforming the data using text-based steganography to avoid detection, as well as looking at the usage of the CloakifyFactory tool.

Previous Section
Next Section