
Windows

PowerShell Scripting: Basic Concepts and Syntax

1295 words · 7 mins
This article provides an introduction to PowerShell scripting, including basic concepts and syntax, specific code examples for pen testing and red teaming tasks, and the language’s pros and cons compared to other programming languages in the field.

Mythic: An Introduction to the Open Source Post-Exploitation Framework

1525 words · 8 mins
Mythic is a powerful, open-source post-exploitation framework that offers red teamers and pen testers an extensible and customizable platform with numerous modules, agents, and C2 profiles to enhance their engagements and achieve objectives in various target environments.

SharpSocks: A .NET-Based Proxy for Red Teaming and Network Penetration Testing

1022 words · 5 mins
SharpSocks is a powerful .NET-based proxy tool for red teaming and network penetration testing that enables encrypted communications, protocol obfuscation, and access to internal resources, providing professional hackers with stealth and persistence in their engagements.

Covenant: Mastering Red Teaming Tactics

2267 words · 11 mins
This article provides a comprehensive guide to using Covenant, a powerful command and control framework for red teaming and post-exploitation operations.

Nishang: PowerShell Scripts for Penetration Testing and Red Teaming

7151 words · 34 mins
This comprehensive guide explores Nishang, a collection of PowerShell scripts designed for penetration testing and red teaming, covering PowerShell basics, Nishang modules, advanced techniques, real-world applications, and modern evasion methods.

PowerSploit: Comprehensive Guide to PowerShell Offensive Security Operations

6492 words · 31 mins
A comprehensive guide to PowerSploit, the powerful PowerShell framework for offensive security operations, covering all modules, real-world attack scenarios, detection evasion techniques, and integration with modern red team workflows.

PsExec: The Double-Edged Sword of Remote Execution

804 words · 4 mins
A comprehensive deep-dive into PsExec for offensive operations. Learn how it works under the hood, how to leverage Pass-the-Hash with Impacket, advanced techniques for service name evasion, and understand the massive forensic footprint it leaves so you know when (and when NOT) to use it.

The Service Sentinel: Mastering sc.exe for Remote Execution and Persistence

925 words · 5 mins
A comprehensive deep-dive into using sc.exe for offensive operations. Learn how to weaponize the Windows Service Control Manager for remote code execution, establish robust persistence via service failure actions, change permissions with subinacl, and bypass EDR controls using kernel-mode drivers.

The Silent Interrogator: Advanced Wmic for Red Team Operations

943 words · 5 mins
A comprehensive deep-dive into Wmic for offensive security. Learn how to interrogate system internals, perform lateral movement, discover security software, abuse XSL transformation for code execution, and understand the forensic footprint of WMI activity.

Living off the Land - Advanced Windows CLI Tools for Red Team Operators

752 words · 4 mins
A comprehensive deep-dive into advanced Windows command-line tools. Learn how to leverage modern binaries like curl and tar, abuse legacy tools for download and execution, and perform stealthy data theft and persistence without triggering alerts.

The Ghost in the Machine: Using xfreerdp and Pass-the-Hash for RDP

969 words · 5 mins
A deep-dive into the technical requirements and execution of Pass-the-Hash for Remote Desktop Protocol (RDP). Learn the correct xfreerdp syntax, how to enable Restricted Admin Mode remotely, troubleshoot NLA errors, and understand the forensic “Type 3” logon anomaly.

Mastering the Maze: Advanced Tunneling and Port Redirection for Red Team Operators

1212 words · 6 mins
A deep-dive guide into advanced network tunneling techniques. Learn to combine Iptables, SSH (Local, Remote, Dynamic, and Reverse Dynamic), Windows Netsh, and Socat to bypass firewalls, pivot through sophisticated network segments, and maintain a low profile during engagements. Now covers modern tools like Chisel and Ligolo-ng.

Master SMB Operations - Using Impacket to Conquer Windows Shares

1301 words · 7 mins
A massive, comprehensive deep-dive into leveraging Impacket’s powerful SMB tools for offensive operations. Learn how to access shares using smbclient.py, host malicious shares with smbserver.py, perform high-impact NTLM relaying, dump domain secrets with secretsdump.py, and troubleshoot protocol hurdles.

Port Scanning on Linux and Windows - The Ultimate Guide

1232 words · 6 mins
A comprehensive guide to mastering port scanning on both Linux and Windows, covering standard tools like Nmap, stealthy built-in techniques, and modern PowerShell-based enumeration.