π
π
π
π
Red Team Notes 2.0
Searchβ¦
π
π
π
π
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Disable or Modify Tools
Obfuscating Files
Privilege Escalation
Lateral Movement
Powered By
GitBook
Disable or Modify Tools
Attackers with the elevated permissions can disable security tools to avoid detection and activities that are being monitored
We can verify Defender is blocking our malicious attempts
We can disable defender utilizing PowerShell, Services, or even GPO Policies, an example is shown below:
Then after Disabling
Note: Something to notice is that Tamper protection blocks this action, ways to block this are via GPO or Registry Keys
Then after disabling any malicious attempts are able to be executed
Previous
Defense Evasion
Next
Obfuscating Files
Last modified
5mo ago
Copy link