SANS SEC642.6 Capture the Flag
Table of contents of the SANS SEC642.6 Capture the Flag book:
Network Setup
Exercise Goals
Scope of Work
Rules of Engagement
Start CTF
Four Hours of Game Play
CTF Wrap-Up
SANS SEC670.1 Windows Tool Development
Table of contents of SANS SEC670.1 Windows Tool Development:
Course Overview
Developing Offensive Tools
Developing Defensive Tools
Lab 1.1: PE-sieve
Lab 1.2: ProcMon
Setting Up Your Development Environment
Windows DLLs
Lab 1.3: HelloDLL
Windows Data Types
Call Me Maybe
Lab 1.4: Call Me Maybe
SAL Annotations
SANS SEC670.2 Getting to Know Your Target
Table of contents of SANS SEC670.2 Getting to Know Your Target:
Gathering Operating System Information
Lab 2.1: OS Info
Service Packs/Hotfixes/Patches
Process Enumeration
Lab 2.2: ProcEnum
Lab 2.3: CreateToolhelp
Lab 2.4: WTSEnum
Installed Software
Directory Walks
Lab 2.5: FileFinder
User Information
Services and Tasks
Network Information
Registry Information
Bootcamp
SANS SEC670.3 Operational Actions
Table of contents of SANS SEC670.3 Operational Actions:
PE Format
Lab 3.1: GetFunctionAddress
Threads
Injections
Lab 3.2: ClassicDLLInjection
Lab 3.3: APCInjection
Lab 3.4: ThreadHijacker
Escalations
Lab 3.5: TokenThief
Bootcamp
Lab 3.6: So, You Think You Can Type
Lab 3.7: UACBypass-Research
Lab 3.8: ShadowCraft
SANS SEC670.4 Persistence: Die Another Day
Table of contents of the SANS SEC670.4 Persistence: Die Another Day book:
In Memory Execution
Dropping to Disk
Binary Patching
Registry Keys
Services Revisited
Lab 4.1: Persistent Service
Port Monitors
Lab 4.2: Sauron
IFEO
Lab 4.3: IFEOPersisto
WMI Event Subscriptions
Bootcamp
SANS SEC670.5 Enhancing Your Implant: Shellcode, Evasion, and C2
Table of contents of the SANS SEC670.5 Enhancing Your Implant: Shellcode, Evasion, and C2 book:
Custom Loaders
Lab 5.1: The Loader
Unhooking Hooks
Lab 5.2: UnhookTheHook
Bypassing AV/EDR
Calling Home
Lab 5.3: No Caller ID
Writing Shellcode in C
Bootcamp
Lab 5.4: AMSI No More
Lab 5.5: ShadowCraft
SANS SEC699 Workbook Sections 1-3
Table of contents of the SANS SEC699 Workbook Sections 1-3 book:
Day 1: Introduction to Purple-Teaming Tools
Day 2: Advanced Initial Execution
Day 3: Advanced Active Directory and Kerberos Attacks
SANS SEC699 Workbook Sections 4 & 5
Table of contents of the SANS SEC699 Workbook Sections 4 & 5 book:
Day 4: Stealth Persistence Strategies
Day 5: Adversary Emulation
SANS SEC699.1 Adversary Emulation for Breach Prevention & Detection
Table of contents of the SANS SEC699.1 Adversary Emulation for Breach Prevention & Detection book:
Introduction
Course objectives
Building our lab environment
Introducing the lab architecture
Exercise: Deploying the lab environment
Purple teaming organization
Exercise: Introduction to VECTR™
Key tools
Building a stack for detection
Assessing detection coverage
Rule-based versus anomaly-based detection
Exercise: Preparing our Elastic and SIGMA stack
Building a stack for adversary emulation
Exercise: Preparing adversary emulation stack
Automated emulation using MITRE Caldera
Exercise: Caldera
SANS SEC699.2 Initial Intrusion Strategies Emulation & Detection
Table of contents of the SANS SEC699.2 Initial Intrusion Strategies Emulation & Detection book:
Initial Intrusion Strategies
Traditional Attack Strategies & Defenses
Emulating Adversarial Techniques & Detections
Anti-Malware Scanning Interface (AMSI)
Office Macro Obfuscation Techniques
Exercise: VBA Stomping, Purging & AMSI Bypasses
Application Execution Control
Exercise: Bypassing Application Execution Control
ExploitGuard & Attack Surface Reduction Rules
Exercise: Bypassing Attack Surface Reduction
Going Stealth – Process Shenanigans
Zooming in on Windows Internals
Bypassing Security Products Through Process Shenanigans
Hunting for These Shenanigans
Exercise: Bypassing Modern Security Products
Conclusions
SANS SEC699.3 Lateral Movement Emulation & Detection
Table of contents of the SANS SEC699.3 Lateral Movement Emulation & Detection book:
Active Directory Enumeration
BloodHound Enumeration
Exercise: Analyzing BloodHound Attack Chains
Credential Dumping
LSASS Credential Stealing Techniques
Exercise: Stealing Credentials from LSASS
Stealing Credentials Without Touching LSASS
Exercise: Internal Monologue in NTLMv1 Downgrades
Stealing NTLMv2 Challenge-Response
Exercise: Creative NTLMv2 Challenge-Response Stealing
Kerberos Attacks
Kerberos Refresh
Unconstrained Delegation Attacks
Exercise: Unconstrained Delegation Attacks
(Resource-Based) Constrained Delegation
Exercise: (Resource-Based) Constrained Delegation
Conclusions