πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Search…
πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
T1190: Exploit Public-Facing Applications
T1133: External Remote Services
SMB/Windows Admin Shares
RDP Service
T1566: Phishing
T1195: Supply Chain Compromise
T1078: Valid Accounts
T1199: Trusted Relationship
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Privilege Escalation
Lateral Movement
Powered By GitBook
T1133: External Remote Services
Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management can also be used externally.
Access to Valid Accounts to use the service is often a requirement, which could be obtained through credential pharming or by obtaining the credential from users after compromising the enterprise network. Access to remote services may be used as a redundant or persistent access mechanism during an operation.
Previous
Rejetto HTTP File Server (HFS) 2.3
Next
SMB/Windows Admin Shares
Last modified 1yr ago
Copy link