SANS SEC699.2 Initial Intrusion Strategies Emulation & Detection

Table of contents of the SANS SEC699.2 Initial Intrusion Strategies Emulation & Detection book:

Initial Intrusion Strategies

Traditional Attack Strategies & Defenses

Emulating Adversarial Techniques & Detections

Anti-Malware Scanning Interface (AMSI)

Office Macro Obfuscation Techniques

Exercise: VBA Stomping, Purging & AMSI Bypasses

Application Execution Control

Exercise: Bypassing Application Execution Control

ExploitGuard & Attack Surface Reduction Rules

Exercise: Bypassing Attack Surface Reduction

Going Stealth – Process Shenanigans

Zooming in on Windows Internals

Bypassing Security Products Through Process Shenanigans

Hunting for These Shenanigans

Exercise: Bypassing Modern Security Products

Conclusions

SANS SEC699.3 Lateral Movement Emulation & Detection

Table of contents of the SANS SEC699.3 Lateral Movement Emulation & Detection book:

Active Directory Enumeration

BloodHound Enumeration

Exercise: Analyzing BloodHound Attack Chains

Credential Dumping

LSASS Credential Stealing Techniques

Exercise: Stealing Credentials from LSASS

Stealing Credentials Without Touching LSASS

Exercise: Internal Monologue in NTLMv1 Downgrades

Stealing NTLMv2 Challenge-Response

Exercise: Creative NTLMv2 Challenge-Response Stealing

Kerberos Attacks

Kerberos Refresh

Unconstrained Delegation Attacks

Exercise: Unconstrained Delegation Attacks

(Resource-Based) Constrained Delegation

Exercise: (Resource-Based) Constrained Delegation

Conclusions

SANS SEC699.4 Persistence Emulation & Detection

Table of contents of the SANS SEC699.4 Persistence Emulation & Detection book:

Pivoting Between Domains & Forests

Breaking Domain & Forest Trusts

Exercise: Pivoting between Domains & Forests

Persistence Techniques

COM Object Hijacking

Exercise: COM Object Hijacking

WMI Persistence

Exercise: WMI Persistence

AppCert, AppInit & Netsh Helper DLL

Exercise: Implementing Netsh Helper DLL

Office Template & Library Tricks

Exercise: Office Persistence

Application Shimming

Exercise: Application Shimming

Stealth AD Persistence & Manipulation

Exercise: Stealth AD Persistence

Conclusions

SANS SEC699.5 Azure AD & Emulation Plans

Table of contents of the SANS SEC699.5 Azure AD & Emulation Plans book:

Azure AD

Azure AD Structure and Management

Azure AD Hybrid Authentication

Azure AD Authentication Methods

Azure AD Conditional Access

Introduction to Azure Identities

Azure AD Security Logging

Executing Emulation Plans

APT-28 Emulation Plan

Exercise: APT-28 Emulation Plan

APT-34 Emulation Plan

Exercise: APT-34 Emulation Plan

Turla Emulation Plan

Exercise: Turla Emulation Plan

SANS SEC699.6 Adversary Emulation Capstone

Table of contents of the SANS SEC699.6 Adversary Emulation Capstone book:

Capstone

Capstone Introduction – Live Events

Capstone Introduction – OnDemand