SANS SEC670.5 Enhancing Your Implant Shellcode, Evasion, and C2

Table of contents of the book SANS SEC670.5 Enhancing Your Implant Shellcode, Evasion, and C2:

Custom Loaders

Lab 5.1: The Loader

Unhooking Hooks

Lab 5.2: UnhookTheHook

Bypassing AV/EDR

Calling Home

Lab 5.3: No Caller ID

Writing Shellcode in C

Bootcamp

Lab 5.4: AMSI No More

Lab 5.5: ShadowCraft

SANS SEC699 Workbook Sections 1-3

Table of contents of the book SANS SEC699 Workbook Sections 1-3:

Day 1: Introduction to Purple-Teaming Tools

Day 2: Advanced Initial Execution

Day 3: Advanced Active Directory and Kerberos Attacks

SANS SEC699 Workbook Sections 4 & 5

Table of contents of the book SANS SEC699 Workbook Sections 4 & 5:

Day 4: Stealth Persistence Strategies

Day 5: Adversary Emulation

SANS SEC699.1 Adversary Emulation for Breach Prevention & Detection

Table of contents of the book SANS SEC699.1 Adversary Emulation for Breach Prevention & Detection:

Introduction

Course objectives

Building our lab environment

Introducing the lab architecture

Exercise: Deploying the lab environment

Purple teaming organization

Exercise: Introduction to VECTR™

Key tools

Building a stack for detection

Assessing detection coverage

Rule-based versus anomaly-based detection

Exercise: Preparing our Elastic and SIGMA stack

Building a stack for adversary emulation

Exercise: Preparing adversary emulation stack

Automated emulation using MITRE Caldera

Exercise: Caldera

SANS SEC699.2 Initial Intrusion Strategies Emulation & Detection

Table of contents of the book SANS SEC699.2 Initial Intrusion Strategies Emulation & Detection:

Initial Intrusion Strategies

Traditional Attack Strategies & Defenses

Emulating Adversarial Techniques & Detections

Anti-Malware Scanning Interface (AMSI)

Office Macro Obfuscation Techniques

Exercise: VBA Stomping, Purging & AMSI Bypasses

Application Execution Control

Exercise: Bypassing Application Execution Control

ExploitGuard & Attack Surface Reduction Rules

Exercise: Bypassing Attack Surface Reduction

Going Stealth – Process Shenanigans

Zooming in on Windows Internals

Bypassing Security Products Through Process Shenanigans

Hunting for These Shenanigans

Exercise: Bypassing Modern Security Products

Conclusions

SANS SEC699.3 Lateral Movement Emulation & Detection

Table of contents of the book SANS SEC699.3 Lateral Movement Emulation & Detection:

Active Directory Enumeration

BloodHound Enumeration

Exercise: Analyzing BloodHound Attack Chains

Credential Dumping

LSASS Credential Stealing Techniques

Exercise: Stealing Credentials from LSASS

Stealing Credentials Without Touching LSASS

Exercise: Internal Monologue in NTLMv1 Downgrades

Stealing NTLMv2 Challenge-Response

Exercise: Creative NTLMv2 Challenge-Response Stealing

Kerberos Attacks

Kerberos Refresh

Unconstrained Delegation Attacks

Exercise: Unconstrained Delegation Attacks

(Resource-Based) Constrained Delegation

Exercise: (Resource-Based) Constrained Delegation

Conclusions

SANS SEC699.4 Persistence Emulation & Detection

Table of contents of the book SANS SEC699.4 Persistence Emulation & Detection:

Pivoting Between Domains & Forests

Breaking Domain & Forest Trusts

Exercise: Pivoting between Domains & Forests

Persistence Techniques

COM Object Hijacking

Exercise: COM Object Hijacking

WMI Persistence

Exercise: WMI Persistence

AppCert, AppInit & Netsh Helper DLL

Exercise: Implementing Netsh Helper DLL

Office Template & Library Tricks

Exercise: Office Persistence

Application Shimming

Exercise: Application Shimming

Stealth AD Persistence & Manipulation

Exercise: Stealth AD Persistence

Conclusions

SANS SEC699.5 Azure AD & Emulation Plans

Table of contents of the book SANS SEC699.5 Azure AD & Emulation Plans:

Azure AD

Azure AD Structure and Management

Azure AD Hybrid Authentication

Azure AD Authentication Methods

Azure AD Conditional Access

Introduction to Azure Identities

Azure AD Security Logging

Executing emulation plans

APT-28 Emulation Plan

Exercise: APT-28 Emulation Plan

APT-34 Emulation Plan

Exercise: APT-34 Emulation Plan

Turla Emulation Plan

Exercise: Turla Emulation Plan

SANS SEC699.6 Adversary Emulation Capstone

Table of contents of the book SANS SEC699.6 Adversary Emulation Capstone:

Capstone

Capstone Introduction – Live Events

Capstone Introduction – OnDemand