πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Search…
πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
T1497: Virtualization/Sandbox Evasion
T1550: Use Alternate Authentication Material
T1127: Trusted Developer Utilities Proxy Execution
T1221: Template Injection
T1553: Subvert Trust Controls
T1216: Signed Script Proxy Execution
T1218: Signed Binary Proxy Execution
T1055: Process Injection
T0127: Obfuscated Files or Information
T1036: Masquerading
T1202: Indirect Command Execution
T1562: Impair Defenses
T1070: Indicator Removal on Host
T1574: Hijack Execution Flow
T1564: Hide Artifacts
T1222: File Directory Permissions Modification
T1480: Execution Guardrails
Environmental Keyring
T1197: BITS Jobs
T1134: Access Token Manipulation
T1548: Abuse Elevation Control Mechanism
De-obfuscate/Decode Files or Information
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Privilege Escalation
Lateral Movement
Powered By GitBook
T1480: Execution Guardrails
Adversaries may use execution guardrails to constrain execution or actions based on adversary supplied and environment specific conditions that are expected to be present on the target. Guardrails ensure that a payload only executes against and intended target and reduces collateral damage from an adversary campaign. Values an adversary can provide about a target system or environment to use as guardrails may include specific network share names, attached physical devices, files, joined Active Directory (AD) domains, and local/internal IP addresses.
Guardrails can be used to prevent exposure of capabilities in environments that are not intended to be compromised or operated within. This use of guardrails is distinct from typical Virtualization/Sandbox Evasion. While use of Virtualization/Sandbox Evasion may involve checking for known sandbox values and continuing with execution only if there is no match, the use of guardrails will involve checking for an expected target-specific value only continuing with execution if there is such a match.
Previous
Windows File and Directory Permissions Modification
Next
Environmental Keyring
Last modified 1yr ago
Copy link