πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Search…
πŸ““
πŸ““
πŸ““
πŸ““
Red Team Notes 2.0
Introduction
Red Team
Red Team Techniques
Initial Access
Execution
Persistence
T1574: Hijack Execution Flow
T1133:External Remote Services
T1546:Event Triggered Execution
T1543:Create or Modify System Process
T1136: Create Account
Domain Account
Local Account
T1554:Compromise Client Software Binary
T1547:Boot or Logon AutoStart Execution
T1197: BITS Jobs
T1053: Scheduled Tasks/Job
T1098: Account Manipulation
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Active Directory
Active Directory
Active Directory Attacks
Red Team Infrastructure
RED TEAM INFRASTRUCTURE
Domain Name and Categorization
Reconnaissance
Weaponization
Delivery
Situational Awareness
Credential Dumping
Persistence
Defense Evasion
Privilege Escalation
Lateral Movement
Powered By GitBook
T1136: Create Account
Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system,
Accounts may be created on the local system or within a domain or cloud tenant. In cloud environments, adversaries may create accounts that only have access to specific services which can reduce the chance of detection.
Previous
Windows Services
Next
Domain Account
Last modified 1yr ago
Copy link