{"version":1,"pages":[{"id":"-MRh09RQIYhfzfXUn9Bt","title":"Introduction","pathname":"/red-team-notes-2-0","siteSpaceId":"sitesp_HMaNd","description":"Red Team Notes 2.0"},{"id":"-MRh0coHBn9-OWSPf_U4","title":"Red Team","pathname":"/red-team-notes-2-0/red-team","siteSpaceId":"sitesp_HMaNd","description":"The Offensive Side"},{"id":"-MRh0ks6k5Flib1Kk-aK","title":"Initial Access","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access","siteSpaceId":"sitesp_HMaNd","description":"The Adversary is trying to get into your Network","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"gcDOZRphZ0mEyy65yqVn","title":"T1659: Content Injection","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1659-content-injection","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"}]},{"id":"-MRh2ssphitabx2KNHtB","title":"T1190: Exploit Public-Facing Applications","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1190-exploit-public-facing-applications","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"}]},{"id":"-MRh3dT8IAZKC5emBcbI","title":"Rejetto HTTP File Server (HFS) 2.3","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1190-exploit-public-facing-applications/rejetto-http-file-server-hfs-2.3","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1190: Exploit Public-Facing Applications"}]},{"id":"-MRh1SxZJ5uDm_qJTWav","title":"T1133: External Remote Services","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/untitled","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"}]},{"id":"-MRh2SIF7NEDwGOxDYZm","title":"SMB/Windows Admin Shares","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/untitled/smb-windows-admin-shares","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1133: External Remote Services"}]},{"id":"-MRh1zCZhgY1swBGbHA9","title":"RDP Service","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/untitled/rdp-service","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1133: External Remote Services"}]},{"id":"-MRh4FJNoq_ExFi-8EBJ","title":"T1566: Phishing","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"}]},{"id":"-MRh85VFrSwLlNaHFyu4","title":"Phishing: Spearphishing via Service","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-via-service","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"}]},{"id":"-MRh6pZNLcxY_1xgBEor","title":"Phishing: Spearphishing Link","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-link","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"}]},{"id":"-MRh7ist53NlFaMA28iW","title":"Links: Social Engineering Toolkit","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-link/links-social-engineering-toolkit","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Link"}]},{"id":"-MRh7IGupOdk6imP0q7O","title":"Links: Binaries","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-link/links-binaries","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Link"}]},{"id":"-MRh70TH79L1MgPW0G46","title":"Links: HTA Files","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-link/links-hta-files","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Link"}]},{"id":"-MRh4RNZfrokGPYfSrAQ","title":"Phishing: Spearphishing Attachment","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"}]},{"id":"-MRh62S1G-s1-m1wHksr","title":"Attachments: LNK Files","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment/attachments-lnk-files","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Attachment"}]},{"id":"-MRh5hbg7UT8Gp9oWRvY","title":"Attachments: SCR Files","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment/attachments-scr-files","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Attachment"}]},{"id":"-MRh5CH_OdXx-H2CnoUe","title":"Attachments: Dynamic Data Exchange","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment/attachments-dynamic-data-exchange","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Attachment"}]},{"id":"-MRh4XiCLANCx76sHc3a","title":"Attachments: Macros","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment/attachments-macros","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Attachment"}]},{"id":"21dpCNuuHhuTGSQUYo2T","title":"Attachments: Macros - Linux","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment/attachments-macros-linux","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Attachment"}]},{"id":"pHcWnEMvuESd05U7sEAb","title":"Attachments: Scripting Files","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment/attachments-scripting-files","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Attachment"}]},{"id":"poihiesS0GX1ZZLGlmcF","title":"Attachments: Desktop Files","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1566-phishing/phishing-spearphishing-attachment/attachments-desktop-files","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1566: Phishing"},{"label":"Phishing: Spearphishing Attachment"}]},{"id":"-MRh90ajMMfAYMvAUbdT","title":"T1195: Supply Chain Compromise","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1195-supply-chain-compromise","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"}]},{"id":"-MRh9prW8Ta_9ouXXm33","title":"Compromise Hardware Supply Chain","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1195-supply-chain-compromise/compromise-hardware-supply-chain","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1195: Supply Chain Compromise"}]},{"id":"-MRh9lB6qRC45gtoUGj6","title":"Compromise Software Supply Chain","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1195-supply-chain-compromise/compromise-software-supply-chain","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1195: Supply Chain Compromise"}]},{"id":"-MRh9c8ruMXyaHULyF3p","title":"Compromise Software Dependencies and Development Tools","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1195-supply-chain-compromise/compromise-software-dependencies-and-development-tools","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1195: Supply Chain Compromise"}]},{"id":"-MRh8OHOhDWCt0UXQqnb","title":"T1078: Valid Accounts","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1078-valid-accounts","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"}]},{"id":"-MRh8k2uBE1mpYq6NZfq","title":"Local Accounts","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1078-valid-accounts/local-accounts","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1078: Valid Accounts"}]},{"id":"-MRh8eW5eFFp6qZtSNlF","title":"Domain Accounts","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1078-valid-accounts/domain-accounts","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1078: Valid Accounts"}]},{"id":"-MRh8XKwT5auLVml86dz","title":"Default Accounts","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1078-valid-accounts/default-accounts","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"},{"label":"T1078: Valid Accounts"}]},{"id":"-MRh8E2SB4Uc2oKkwvfJ","title":"T1199: Trusted Relationship","pathname":"/red-team-notes-2-0/red-team-techniques/initial-access/t1199-trusted-relationship","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Initial Access"}]},{"id":"-MRhA2ar1YO8DTTuN-Lk","title":"Execution","pathname":"/red-team-notes-2-0/red-team-techniques/execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"-MRhFXHQ69uK_q9YJMZP","title":"T1047:Windows Management Instrumentation","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1047-windows-management-instrumentation","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"-MRhFDw7cDVRXDgotQxz","title":"T1204: User Execution","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1204-user-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"-MRhFQfpZQv9uLbBYLh-","title":"Malicious File","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1204-user-execution/malicious-file","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1204: User Execution"}]},{"id":"-MRhFK0Y7pF_FG9GxkTj","title":"Malicious Link","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1204-user-execution/malicious-link","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1204: User Execution"}]},{"id":"-MRhF4YXA6RxVe1gwUZP","title":"T1569: Service Execution","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1569-service-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"ad16g1tl7ojzvHPC5E0g","title":"T1053: Scheduled Tasks/Job","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1053-scheduled-tasks-job","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"WDTElYs8UiZixrKgtHDX","title":"Shared Modules","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1053-scheduled-tasks-job/shared-modules","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"OiVxi5YoYKX55wp9Rm4U","title":"Scheduled Task","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1053-scheduled-tasks-job/scheduled-task","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"y9jIXJo36Hz9UxTOw0Pb","title":"At (Windows)","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1053-scheduled-tasks-job/at-windows","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"-MRhDaQv26fVi-jyIxm_","title":"T1106: Native API","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1106-native-api","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"-MRhCrDbKJuod8cfGKqq","title":"T1559: Inter-Process Communication","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1559-inter-process-communication","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"-MRhDIOkbCvoYk0Sq9Jj","title":"Dynamic Data Exchange","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1559-inter-process-communication/dynamic-data-exchange","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1559: Inter-Process Communication"}]},{"id":"-MRhCxZkCu_-FJhwe04O","title":"Component Object Model","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1559-inter-process-communication/component-object-model","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1559: Inter-Process Communication"}]},{"id":"-MRhC57nEKFbB7Zi9pYk","title":"T1203: Exploitation for Client Execution","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1203-exploitation-for-client-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"-MRhCisyIajUB0hztnx6","title":"Common Third-Party Applications","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1203-exploitation-for-client-execution/common-third-party-applications","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1203: Exploitation for Client Execution"}]},{"id":"-MRhCEuRsIL_4Q4zVjuT","title":"Office Applications","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1203-exploitation-for-client-execution/office-applications","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1203: Exploitation for Client Execution"}]},{"id":"-MRhALDfsxyxpz3L4dlF","title":"T1059: Command and Scripting Interpreter","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"}]},{"id":"-MRhByTwQmszTQBMOaf7","title":"Network Device CLI","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/network-device-cli","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"-MRhBpgq3422oSvdyafU","title":"JavaScript/JScript","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/javascript-jscript","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"-MRhBcuBPPhJ5lMyCDpX","title":"Python","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/python","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"-MRhBTNmihyppD95B0da","title":"Visual Basic","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/visual-basic","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"-MRhBN5AM0OY7u48aof_","title":"Unix Shell","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/unix-shell","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"-MRhB9mkBzZ2cCaC5nX9","title":"Windows Command Shell","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/windows-command-shell","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"-MRhAj51P0_lPd0MDHXH","title":"PowerShell","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/powershell","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"beIMmHVj50u7X0IVvOY7","title":"AutoHotKey & AutoIT","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/autohotkey-and-autoit","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"77jpVl93jj0e07hnZXFM","title":"Deploy Container","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/deploy-container","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"eTg2o4Lavq6abrsWA9G5","title":"Native API - Linux","pathname":"/red-team-notes-2-0/red-team-techniques/execution/t1059-command-and-scripting-interpreter/native-api-linux","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Execution"},{"label":"T1059: Command and Scripting Interpreter"}]},{"id":"-MRhGielEyexhD3blkZ-","title":"Persistence","pathname":"/red-team-notes-2-0/red-team-techniques/persistence","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"-MRhOfDWnOfa4YtsFWUY","title":"T1574: Hijack Execution Flow","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhZ7WqsZw3efNHVU94","title":"Service File permissions Weakness","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/service-file-permissions-weakness","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhYwedotkmIXGSU-Ou","title":"Path Interception by Unquoted Path","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/path-interception-by-unquoted-path","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhYlDWmVJ2Gz3HPqdm","title":"Path Interception by Search Order Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/path-interception-by-search-order-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhXxswTyAkyktH1A-b","title":"Path Interception by PATH Environment Variable","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/path-interception-by-path-environment-variable","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhXjiN1q1yIB_xTiKW","title":"Executable Installer File Permissions Weakness","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/executable-installer-file-permissions-weakness","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhP5TrDfvOeYvWhE9v","title":"DLL Side-Loading","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/dll-side-loading","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhOoBp13VF3YzvZQz_","title":"DLL Search Order Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/dll-search-order-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"IlP4mEcMUqTvYDw604vn","title":"Dynamic Linker Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1574-hijack-execution-flow/dynamic-linker-hijacking","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhOCR8Zv1Pw8Cwk9Pf","title":"T1133:External Remote Services","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1133-external-remote-services","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhOUiHx0EpPGanT3_j","title":"SMB/Windows Admin Shares","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1133-external-remote-services/smb-windows-admin-shares","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1133:External Remote Services"}]},{"id":"-MRhOI2GQ6rE2YTL_MJc","title":"RDP Service","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1133-external-remote-services/rdp-service","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1133:External Remote Services"}]},{"id":"-MRhL0kD_83TFOUqHpeR","title":"T1546:Event Triggered Execution","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhNs21HqY5tQu8SPeA","title":"Component Object Model Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/component-object-model-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhN7hPASJZW02FvPKY","title":"PowerShell Profile","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/powershell-profile","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhMvyB7yq47UpD8kHL","title":"Application Shimming","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/application-shimming","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhMkii16URMQ84NT9D","title":"Accessibility Features","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/accessibility-features","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhMUhdNMWJcORRxz9g","title":"Netsh Helper DLL","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/netsh-helper-dll","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhLMMxWKrok7_lb4xO","title":"Screensaver","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/screensaver","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhL71myAFmLL1-cEMf","title":"Default File Association","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/default-file-association","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"nblIRFeCU1iq0iGpgxBs","title":"Unix Shell Configuration Modification","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/unix-shell-configuration-modification","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"gUp1C7K4JPv6wHd35QQo","title":"Trap","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/trap","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"SOSuFFfAIa8Q5LoUINTU","title":"Installer Packages","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1546-event-triggered-execution/installer-packages","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhKfNbOc-BvLdWVKjE","title":"T1543:Create or Modify System Process","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1543-create-or-modify-system-process","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhKkCuDHXiGKwmZ3CE","title":"Windows Services","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1543-create-or-modify-system-process/windows-services","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1543:Create or Modify System Process"}]},{"id":"y1a9d1YQ6UgkAjT7cxZ4","title":"Systemd Service","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1543-create-or-modify-system-process/systemd-service","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1543:Create or Modify System Process"}]},{"id":"-MRhKA_KWS6BpbLJaIJ3","title":"T1136: Create Account","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1136-create-account","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhKVmDU8cXQsp5xX01","title":"Domain Account","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1136-create-account/domain-account","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1136: Create Account"}]},{"id":"-MRhKJIGTNAn6b3cTcPH","title":"Local Account","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1136-create-account/local-account","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1136: Create Account"}]},{"id":"-MRhIwX9EIPwq_4kiLZf","title":"T1554:Compromise Client Software Binary","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1554-compromise-client-software-binary","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhHTw5j6Uy5GDj1IJN","title":"T1547:Boot or Logon AutoStart Execution","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1547-boot-or-logon-autostart-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhIfK0qvF2ML-N0OAT","title":"Shortcut Modification","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1547-boot-or-logon-autostart-execution/shortcut-modification","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"-MRhIQEgGCAW4cEDRDf4","title":"Winlogon Helper DLL","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1547-boot-or-logon-autostart-execution/winlogon-helper-dll","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"-MRhIBBJwjljkh59WrU1","title":"Time Providers","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1547-boot-or-logon-autostart-execution/time-providers","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"-MRhHjvnaijSk1RKfSKI","title":"Registry Run Keys / Startup Folder","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1547-boot-or-logon-autostart-execution/registry-run-keys-startup-folder","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"8VGV8an37PkNr11SJcQe","title":"T1037:  Boot or Logon Initialization Scripts","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1037-boot-or-logon-initialization-scripts","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"Sz6ge6AQ6spjYApTCBVN","title":"RC Scripts","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1037-boot-or-logon-initialization-scripts/rc-scripts","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1037:  Boot or Logon Initialization Scripts"}]},{"id":"-MRhHIz2VQh6NIwmgfNH","title":"T1197: BITS Jobs","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1197-bits-jobs","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhDkCGZZsxC8TDdDY5","title":"T1053: Scheduled Tasks/Job","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1053-scheduled-tasks-job","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"-MRhEWRy1y_KxNVisFaB","title":"Shared Modules","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1053-scheduled-tasks-job/shared-modules","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"-MRhE97vIvDcEoL-bQmb","title":"Scheduled Task","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1053-scheduled-tasks-job/scheduled-task","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"-MRhDwLb6BZNsG2LxpQD","title":"At (Windows)","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1053-scheduled-tasks-job/at-windows","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"y9j30ZIluhQu1Y7OKZVA","title":"Cron","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1053-scheduled-tasks-job/cron","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"OfZ9XPYKOd9tMlBY0VZL","title":"Systemd Timers","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1053-scheduled-tasks-job/systemd-timers","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1053: Scheduled Tasks/Job"}]},{"id":"-MRhGr524DkMxtRBXnn3","title":"T1098: Account Manipulation","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1098-account-manipulation","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"nP0dv1AX92SRrC9H8Vme","title":"SSH Authorized Keys","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1098-account-manipulation/ssh-authorized-keys","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1098: Account Manipulation"}]},{"id":"paRP4xt8XzdZbwzBZvGz","title":"T1556: Modify Authentication Process","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1556-modify-authentication-process","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"BthnfyRjNULDWpD5omHy","title":"Pluggable Authentication Modules","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1556-modify-authentication-process/pluggable-authentication-modules","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1556: Modify Authentication Process"}]},{"id":"ZXfI6FjFUqyppSx3cWsm","title":"T1653: Power Settingss","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1653-power-settingss","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"Zo7cLSj6D0pPq0FRMlcq","title":"T1505:  Server Software Component","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1505-server-software-component","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"}]},{"id":"lI7RthK2fNp8kvtnNtDr","title":"WebShell","pathname":"/red-team-notes-2-0/red-team-techniques/persistence/t1505-server-software-component/webshell","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Persistence"},{"label":"T1505:  Server Software Component"}]},{"id":"-MRhZaw8lecSUtUEb5he","title":"Privilege Escalation","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"-MRhg80D7SZ79iELyB-l","title":"T1546:Event Triggered Execution","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-3","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRhgAU70-6V6XV5Su_U","title":"PowerShell Profile","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-3/powershell-profile","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhgAU8WGhBE0spTsCv","title":"Component Object Model Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-3/component-object-model-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhgAU9hsX6TbtmKaYy","title":"Application Shimming","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-3/application-shimming","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhgAUAUQ3E74X_-ARC","title":"Accessibility Features","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-3/accessibility-features","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhgAUBi05tDSr3FDwy","title":"Screensaver","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-3/screensaver","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1546:Event Triggered Execution"}]},{"id":"-MRhgAUCfSk5Wh_azMfb","title":"Default File Association","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-3/default-file-association","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1546:Event Triggered Execution"}]},{"id":"0AdbYDzcGPBQtbxWacDu","title":"T1612: Build Image on Host","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1612-build-image-on-host","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRhfbICx2qVBQddhsNL","title":"T1574: Hijack Execution Flow","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRhfj6UKVL0Yux3K-n2","title":"Service File permissions Weakness","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2/service-file-permissions-weakness","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhfj6VDrTx58fMj4Tk","title":"Path Interception by Unquoted Path","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2/path-interception-by-unquoted-path","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhfj6WvBTA686OvInO","title":"Path Interception by Search Order Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2/path-interception-by-search-order-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhfj6X5Ni60W4iPS1x","title":"Path Interception by PATH Environment Variable","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2/path-interception-by-path-environment-variable","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhfj6YUBvnFpXC5UJE","title":"Executable Installer File Permissions Weakness","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2/executable-installer-file-permissions-weakness","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhfj6ZMUsxAVbxLkaM","title":"DLL Side-Loading","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2/dll-side-loading","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhfj6_fwb2VSBwy7OQ","title":"DLL Search Order Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-2/dll-search-order-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhf7uGADOlve-H9tXY","title":"T1543:Create or Modify System Process","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-1","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRhf9nLzoSLZumdh1s_","title":"Windows Services","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled-1/windows-services","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1543:Create or Modify System Process"}]},{"id":"-MRhdlPUtvq5Qqc6wBxD","title":"T1547:Boot or Logon AutoStart Execution","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRheDZHr0RaxKteihLw","title":"Winlogon Helper DLL","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled/winlogon-helper-dll","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"-MRhdqOAY3jFxiHkS7Zk","title":"Shortcut Modification","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled/shortcut-modification","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"-MRhdqOBycp0MzaOrjp1","title":"Time Providers","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled/time-providers","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"-MRhdqOCnL7OtzsRG6wQ","title":"Registry Run Keys / Startup Folder","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/untitled/registry-run-keys-startup-folder","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1547:Boot or Logon AutoStart Execution"}]},{"id":"-MRhZzo95MhhpKOVsB-_","title":"T1134: Access Token Manipulation","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1134-access-token-manipulation","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRhaEf3UxnyA8VR_q0b","title":"Parent PID Spoofing","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1134-access-token-manipulation/parent-pid-spoofing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRh_zwEzY0chl7oRaYb","title":"Make and Impersonate Token","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1134-access-token-manipulation/make-and-impersonate-token","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRh_U2i7uXg8IHoAi3S","title":"Create Process with Token","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1134-access-token-manipulation/create-process-with-token","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRh_65hTUA5hQdgUB7i","title":"Token Impersonation/Theft","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1134-access-token-manipulation/token-impersonation-theft","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRhZjOju797gFhvZV-V","title":"T1548: Abuse Elevation Control Mechanism","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1548-abuse-elevation-control-mechanism","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRhZqTAapJn8tfPqSSF","title":"Bypass User Account Control","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1548-abuse-elevation-control-mechanism/bypass-user-account-control","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1548: Abuse Elevation Control Mechanism"}]},{"id":"UciyfPBTMNHeeY1f4X5O","title":"Setuid and Setgid","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1548-abuse-elevation-control-mechanism/setuid-and-setgid","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1548: Abuse Elevation Control Mechanism"}]},{"id":"XThCydJqbUpFLkCSPImn","title":"Sudo and Sudo Caching","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1548-abuse-elevation-control-mechanism/sudo-and-sudo-caching","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"},{"label":"T1548: Abuse Elevation Control Mechanism"}]},{"id":"YBiIi7HB2rD4Pcpk8OIK","title":"T1611: Escape to Host","pathname":"/red-team-notes-2-0/red-team-techniques/privilege-escalation/t1611-escape-to-host","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Privilege Escalation"}]},{"id":"-MRhgtRv0ek3jslqCGiX","title":"Defense Evasion","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"-MRkal1AV3uTN-xLYpiN","title":"T1497: Virtualization/Sandbox Evasion","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1497-virtualization-sandbox-evasion","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRkbF-aueXrqB9D4P9E","title":"Time Based Evasion","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1497-virtualization-sandbox-evasion/time-based-evasion","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1497: Virtualization/Sandbox Evasion"}]},{"id":"-MRkb3eOhWPtRFkT837l","title":"User Activity Based Checks","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1497-virtualization-sandbox-evasion/user-activity-based-checks","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1497: Virtualization/Sandbox Evasion"}]},{"id":"-MRkatRlUma-yFk0StVl","title":"System Checks","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1497-virtualization-sandbox-evasion/system-checks","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1497: Virtualization/Sandbox Evasion"}]},{"id":"-MRkaLvPzYcttt6BXaeM","title":"T1550: Use Alternate Authentication Material","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1550-use-alternate-authentication-material","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRkacQMfhukfsvIg1tN","title":"Pass the Ticket","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1550-use-alternate-authentication-material/pass-the-ticket","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1550: Use Alternate Authentication Material"}]},{"id":"-MRkaTt26qrb7zL9mweK","title":"Pass the Hash","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1550-use-alternate-authentication-material/pass-the-hash","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1550: Use Alternate Authentication Material"}]},{"id":"-MRk_r8HV2phSr6__uCQ","title":"T1127: Trusted Developer Utilities Proxy Execution","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1127-trusted-developer-utilities-proxy-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRk_yhsQ8LJJz7P2OQf","title":"MSBuild","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1127-trusted-developer-utilities-proxy-execution/msbuild","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1127: Trusted Developer Utilities Proxy Execution"}]},{"id":"-MRk_YR9VEYU5qYhmA1A","title":"T1221: Template Injection","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1221-template-injection","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRk_-pk8ZHde-Q1kKxf","title":"T1553: Subvert Trust Controls","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1553-subvert-trust-controls","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRk_I-1pP7ruoSrTWsQ","title":"SIP and Trust Provider Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1553-subvert-trust-controls/sip-and-trust-provider-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1553: Subvert Trust Controls"}]},{"id":"-MRk_6tO0MWhqeJXmtxE","title":"Code Signing","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1553-subvert-trust-controls/code-signing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1553: Subvert Trust Controls"}]},{"id":"-MRkZfygnLTOwTkUU8bP","title":"T1216: Signed Script Proxy Execution","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1216-signed-script-proxy-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhz8Wmn3Fu9nLVDr0A","title":"T1218: Signed Binary Proxy Execution","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhzRMmiGAiPVhB0olP","title":"Compiled HTML File","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-10","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzQn_K4EVm0TN_dmW","title":"Control Panel","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-9","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzQJwi14cj0NqaPTF","title":"CMSTP","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-8","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzPvjxmG_dARmLL3V","title":"InstallUtil","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-7","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzPPsBriW8KbeBsMt","title":"MSHTA","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-6","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzOtL_hsJy8BrhUZy","title":"MSIEXEC","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-5","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzOSHHwPQjUf0G1q6","title":"ODBCCONF","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-4","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzO15aoWU0LldI8u3","title":"Regsvcs/Regasm","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-3","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzNZDz_V_L_ab_lDn","title":"Regsvr32","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-2","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzMnzBw2OvnpkMxI5","title":"Rundll32","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled-1","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhzMIcNEBVAPxFZ2ut","title":"Verclsid","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1218-signed-binary-proxy-execution/untitled","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1218: Signed Binary Proxy Execution"}]},{"id":"-MRhtVnspffwBSJfoysd","title":"T1055: Process Injection","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhtm7KJOch5zI5l-o0","title":"Dynamic-Link Library Injection","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/dynamic-link-library-injection","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhtlex-5l9_InDxs7C","title":"Portable Execution Injection","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/portable-execution-injection","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhtlFLMNfiywyBfpBS","title":"Thread Execution Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/thread-execution-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhtks-_oN1TjOyLNEl","title":"Asynchronous Procedure Call","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/asynchronous-procedure-call","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhtkNTVVjGhTN-W1AZ","title":"Thread Local Storage","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/thread-local-storage","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhtiomoN3MnrRpkZ_D","title":"Extra Window Memory Injection","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/extra-window-memory-injection","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhtiK0KbPY5v7-HDb4","title":"Process Hollowing","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/process-hollowing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhthqfq0Ka5aJLh_DP","title":"Process Doppelganging","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1055-process-injection/process-doppelganging","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1055: Process Injection"}]},{"id":"-MRhrzQUf9RoWc0tXlXR","title":"T0127: Obfuscated Files or Information","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t0127-obfuscated-files-or-information","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhsArqkQHRjr3crlrp","title":"Binary Padding","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t0127-obfuscated-files-or-information/binary-padding","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T0127: Obfuscated Files or Information"}]},{"id":"-MRhsA5x13YQ8_AMZ3fy","title":"Software Packing","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t0127-obfuscated-files-or-information/software-packing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T0127: Obfuscated Files or Information"}]},{"id":"-MRhs9bEc3tU8vcAHUFE","title":"Steganography","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t0127-obfuscated-files-or-information/steganography","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T0127: Obfuscated Files or Information"}]},{"id":"-MRhs92cpgyDJaXofPO2","title":"Compile After Delivery","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t0127-obfuscated-files-or-information/compile-after-delivery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T0127: Obfuscated Files or Information"}]},{"id":"-MRhs8TCOEITqHXvvxyl","title":"Indicator Removal from Tools","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t0127-obfuscated-files-or-information/indicator-removal-from-tools","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T0127: Obfuscated Files or Information"}]},{"id":"-MRhqxMKK_UR1foD_j10","title":"T1036: Masquerading","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1036-masquerading","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhr8vb39RZMe9drknH","title":"Invalid Code Signature","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1036-masquerading/invalid-code-signature","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1036: Masquerading"}]},{"id":"-MRhr84tFoLcdtpkeiua","title":"Right-to-Left-Override","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1036-masquerading/right-to-left-override","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1036: Masquerading"}]},{"id":"-MRhr7DHftGBtdnF53lM","title":"Rename System Utilities","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1036-masquerading/rename-system-utilities","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1036: Masquerading"}]},{"id":"-MRhr6iOEH1g5JTMnFnq","title":"Masquerade Task or Service","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1036-masquerading/masquerade-task-or-service","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1036: Masquerading"}]},{"id":"-MRhr56t-gIYSq5M8m0c","title":"Match Legitimate Name or location","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1036-masquerading/match-legitimate-name-or-location","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1036: Masquerading"}]},{"id":"-MRhqQwg3A03HTelfpHE","title":"T1202: Indirect Command Execution","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1202-indirect-command-execution","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhoXoLwswrl4f6ssNT","title":"T1562: Impair Defenses","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhogZHKzSkhq_s7hii","title":"Disable or Modify Tools","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-or-modify-tools","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1562: Impair Defenses"}]},{"id":"-MRhofzFAcIcI1utNzqq","title":"Disable Windows Event Logging","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-windows-event-logging","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1562: Impair Defenses"}]},{"id":"-MRhofJbuf9qJuVWXPkp","title":"Impair Command History Logging","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/impair-command-history-logging","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1562: Impair Defenses"}]},{"id":"-MRhoeqIP72yFHQNcfQ1","title":"Disable or Modify System Firewall","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-or-modify-system-firewall","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1562: Impair Defenses"}]},{"id":"N7SP1YfEKWY7tFzBnW1U","title":"Disable or Modify Linux Audit System","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-or-modify-linux-audit-system","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1562: Impair Defenses"}]},{"id":"-MRhocsKDlihn4QmFHd9","title":"Indicator Blocking","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/indicator-blocking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1562: Impair Defenses"}]},{"id":"-MRhn-QF0R8gkxWVEKKg","title":"T1070: Indicator Removal on Host","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1070-indicator-removal-on-host","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhnV71tXoQhzeODXYB","title":"Clear Windows Event Logs","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1070-indicator-removal-on-host/clear-windows-event-logs","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1070: Indicator Removal on Host"}]},{"id":"-MRhnUbcjrMn8KoVqIGc","title":"Clear Command History","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1070-indicator-removal-on-host/clear-command-history","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1070: Indicator Removal on Host"}]},{"id":"-MRhnU1cWc1zVPnk6drP","title":"File Deletion","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1070-indicator-removal-on-host/file-deletion","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1070: Indicator Removal on Host"}]},{"id":"-MRhnTOhd1kwaRfvA0qd","title":"Network Share Connection Removal","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1070-indicator-removal-on-host/network-share-connection-removal","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1070: Indicator Removal on Host"}]},{"id":"-MRhnSkWwi_bwrpbdPho","title":"TimeStomping","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1070-indicator-removal-on-host/timestomping","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1070: Indicator Removal on Host"}]},{"id":"-MRhmzrd0Ijf4txw98yR","title":"T1574: Hijack Execution Flow","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhn4uZXj-cveYOTgBw","title":"Path Interception by Unquoted Path","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5/path-interception-by-unquoted-path","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhn4u_wqGPkAQp2bf6","title":"Service File permissions Weakness","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5/service-file-permissions-weakness","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhn4uajnbV5i9IDOzZ","title":"Path Interception by Search Order Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5/path-interception-by-search-order-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhn4ub-2s7NysPAVAM","title":"Path Interception by PATH Environment Variable","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5/path-interception-by-path-environment-variable","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhn4uc59BdWLen5SOX","title":"Executable Installer File Permissions Weakness","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5/executable-installer-file-permissions-weakness","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhn4udFC6w_Xl1TBva","title":"DLL Side-Loading","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5/dll-side-loading","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhn4ueNjTNlH6gb1eC","title":"DLL Search Order Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-5/dll-search-order-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1574: Hijack Execution Flow"}]},{"id":"-MRhktT_u3Pp9fwRqvK2","title":"T1564: Hide Artifacts","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhmlTnfLWHZCmSsnuQ","title":"VBA Stomping","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/vba-stomping","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"-MRhmequx6cAOdupWHgu","title":"Run Virtual Instance","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/run-virtual-instance","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"-MRhltJ_BoE7hjsEf9JF","title":"NTFS File Attributes","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/ntfs-file-attributes","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"-MRhlGU4c29le2ddYA5z","title":"Hidden Window","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/hidden-window","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"gOGuJhO9iaSKuEenwJot","title":"Hidden File System","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/hidden-file-system","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"Ui2orGeahLVHyEniN22s","title":"Hidden Users","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/hidden-users","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"vGhOM9Vaf2MzmPPlUhPU","title":"Ignore Process Interrupts","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/ignore-process-interrupts","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"c77N8PfUsHXRd7zE7BnF","title":"File/Path Exclusions","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/file-path-exclusions","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"-MRhl4N58GB4pmAgzfm7","title":"Hidden Files and Directories","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/t1564-hide-artifacts/hidden-files-and-directories","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1564: Hide Artifacts"}]},{"id":"-MRhj4Jyx9EaCpfsIGFa","title":"T1222: File Directory Permissions Modification","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-4","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"eCPlRfNd42sDKQaqFqOo","title":"Linux and Mac File and Directory Permissions Modification","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-4/linux-and-mac-file-and-directory-permissions-modification","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1222: File Directory Permissions Modification"}]},{"id":"-MRhkXEA6Ux7MEQ8g5dl","title":"Windows File and Directory Permissions Modification","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-4/windows-file-and-directory-permissions-modification","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1222: File Directory Permissions Modification"}]},{"id":"-MRhj3pBUR9AF2zarJz3","title":"T1480: Execution Guardrails","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-3","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"aOPmYJ1kNCbhImwTG20M","title":"Environmental Keying Linux","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-3/environmental-keying-linux","siteSpaceId":"sitesp_HMaNd","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1480: Execution Guardrails"}]},{"id":"-MRhjXLzCcdOHLAb_pZn","title":"Environmental Keying","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-3/environmental-keyring","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1480: Execution Guardrails"}]},{"id":"-MRhj3MMo_YW2L9L845f","title":"T1197: BITS Jobs","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-2","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhj2Xb0nP3finIzzqk","title":"T1134: Access Token Manipulation","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-1","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhj7VCu0kiTUCzGl7B","title":"Parent PID Spoofing","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-1/parent-pid-spoofing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRhj7VDXhevIiy5Xmzz","title":"Make and Impersonate Token","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-1/make-and-impersonate-token","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRhj7VEK8ONfrRHhkMA","title":"Create Process with Token","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-1/create-process-with-token","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRhj7VFViV5c9Rlh4CE","title":"Token Impersonation/Theft","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled-1/token-impersonation-theft","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1134: Access Token Manipulation"}]},{"id":"-MRhiduHW6l6q3FKQjjG","title":"T1548: Abuse Elevation Control Mechanism","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRhirgd8tkllexF2EFW","title":"Bypass User Account Control","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/untitled/bypass-user-account-control","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"},{"label":"T1548: Abuse Elevation Control Mechanism"}]},{"id":"-MRhhMr_9NxNBni1s6e4","title":"De-obfuscate/Decode Files or Information","pathname":"/red-team-notes-2-0/red-team-techniques/defense-evasion/de-obfuscate-decode-files-or-information","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Defense Evasion"}]},{"id":"-MRkcgdjptvBURPtYz-y","title":"Credential Access","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"-MRkpX8NOiSHkFzpzoga","title":"T1552: Unsecured Credentials","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1552-unsecured-credentials","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkqUmTagHysLoXrpwj","title":"Group Policy Preferences","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1552-unsecured-credentials/group-policy-preferences","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1552: Unsecured Credentials"}]},{"id":"-MRkqLRIntpyBKLt06AQ","title":"Private Keys","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1552-unsecured-credentials/private-keys","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1552: Unsecured Credentials"}]},{"id":"-MRkqCMP24fzTbETCSB0","title":"Credentials in Registry","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1552-unsecured-credentials/credentials-in-registry","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1552: Unsecured Credentials"}]},{"id":"-MRkq5imEhugZhkhxlM1","title":"Credentials in Files","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1552-unsecured-credentials/credentials-in-files","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1552: Unsecured Credentials"}]},{"id":"-MRkn13_30p82D6FMJm4","title":"T1558: Steal or Forge Kerberos Tickets","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1558-steal-or-forge-kerberos-tickets","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkp1JTzdsxxb5Qdd3F","title":"AS-REP Roasting","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1558-steal-or-forge-kerberos-tickets/as-rep-roasting","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1558: Steal or Forge Kerberos Tickets"}]},{"id":"-MRknijQsd6ga2rWwo5q","title":"Kerberoasting","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1558-steal-or-forge-kerberos-tickets/kerberoasting","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1558: Steal or Forge Kerberos Tickets"}]},{"id":"-MRknHg3wo7CQ49t_p8N","title":"Silver Ticket","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1558-steal-or-forge-kerberos-tickets/silver-ticket","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1558: Steal or Forge Kerberos Tickets"}]},{"id":"-MRkn9AhtoaQ2ERkzcPX","title":"Golden Ticket","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1558-steal-or-forge-kerberos-tickets/golden-ticket","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1558: Steal or Forge Kerberos Tickets"}]},{"id":"-MRkl4kStreLvRUNRcg_","title":"T1003: OS Credential Dumping","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1003-os-credential-dumping","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkmsoYv2UtijzEnkIv","title":"DCSync","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1003-os-credential-dumping/dcsync","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1003: OS Credential Dumping"}]},{"id":"-MRkmik0A_EIIAKembYw","title":"Cached Domain Credentials","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1003-os-credential-dumping/cached-domain-credentials","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1003: OS Credential Dumping"}]},{"id":"-MRklyvaCSe_t1ETS94y","title":"LSA Secrets","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1003-os-credential-dumping/lsa-secrets","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1003: OS Credential Dumping"}]},{"id":"-MRkloxkYGAwteEGXLWC","title":"NTDS","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1003-os-credential-dumping/ntds","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1003: OS Credential Dumping"}]},{"id":"-MRklZ3nyp_YqO1wV6CS","title":"Security Account Manager","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1003-os-credential-dumping/security-account-manager","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1003: OS Credential Dumping"}]},{"id":"-MRklCCXAr8I4iNiza__","title":"LSASS Memory","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1003-os-credential-dumping/lsass-memory","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1003: OS Credential Dumping"}]},{"id":"-MRkkvqqivvUs-4Y5S17","title":"T1040: Network Sniffing","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1040-network-sniffing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkgx9WlLL_ZRQWrXXZ","title":"T1556: Modify Authentication Process","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1556-modify-authentication-process","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkkiM-fvxXuBrsqBr8","title":"Password Filter DLL","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1556-modify-authentication-process/password-filter-dll","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1556: Modify Authentication Process"}]},{"id":"-MRkh25EcMvePCHBZruO","title":"Domain Controller Authentication","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1556-modify-authentication-process/domain-controller-authentication","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1556: Modify Authentication Process"}]},{"id":"-MRkgB-lDkTTgo9q2DX-","title":"T1557: Man-in-the-Middle","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1557-man-in-the-middle","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkgg7kFtv8_DOFoazQ","title":"Arp Cache Poisoning","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1557-man-in-the-middle/arp-cache-poisoning","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1557: Man-in-the-Middle"}]},{"id":"-MRkgFGYt-pXvQ3xKnZV","title":"LLMNR/NBT-NS Poisoning and SMB Relay","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1557-man-in-the-middle/untitled","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1557: Man-in-the-Middle"}]},{"id":"-MRkfKDBCj2lLQTmvzBw","title":"T1056: Input Capture","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1056-input-capture","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkg1ciHXIRneN_mSE1","title":"Web Portal Capture","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1056-input-capture/web-portal-capture","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1056: Input Capture"}]},{"id":"-MRkfsvRb995Ur9qGc_P","title":"GUI Input Capture","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1056-input-capture/gui-input-capture","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1056: Input Capture"}]},{"id":"-MRkfmK8FFBC5qKMutmh","title":"Keylogging","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1056-input-capture/keylogging","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1056: Input Capture"}]},{"id":"-MRkeciTbUln9kG7kP7a","title":"T1187: Forced Authentication","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1187-forced-authentication","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkeKr5zSy8hAjYz1Mc","title":"T1555: Credentials from Password Stores","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1555-credentials-from-password-stores","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkeT2hZmcrxsV4VuZ4","title":"Credentials from Web Browsers","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1555-credentials-from-password-stores/credentials-from-web-browsers","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1555: Credentials from Password Stores"}]},{"id":"-MRkct6mOikSRUA0MYA_","title":"T1110: Brute Force","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1110-brute-force","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"}]},{"id":"-MRkdyOT9LytB1Q-0SMP","title":"Credential Stuffing","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1110-brute-force/credential-stuffing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1110: Brute Force"}]},{"id":"-MRkdgrmec4CPtm9flUN","title":"Password Spraying","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1110-brute-force/password-spraying","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1110: Brute Force"}]},{"id":"-MRkdGzvEE3FPXe1gvYO","title":"Password Cracking","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1110-brute-force/password-cracking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1110: Brute Force"}]},{"id":"-MRkczo3IKA9TinwVzVK","title":"Password Guessing","pathname":"/red-team-notes-2-0/red-team-techniques/credential-access/t1110-brute-force/password-guessing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Credential Access"},{"label":"T1110: Brute Force"}]},{"id":"-MRkyBjgVbbNazOUgDRS","title":"Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery","siteSpaceId":"sitesp_HMaNd","description":"The Adversary is trying to figure out your environment","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"-MS07nl7RXaPlIz5XQsZ","title":"T1124: System Time Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1124-system-time-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS07VbNyR5FKu4UuLaV","title":"T1007: System Service Disvcovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1007-system-service-disvcovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS07LznQy-ozAgH-8Si","title":"T1033: System Owner/User Directory","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1033-system-owner-user-directory","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS07ApBe2TnU8Js2gZA","title":"T1049: System Network Connections Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1049-system-network-connections-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS073QDeJCUic6c6076","title":"T1016: System Network Configuration Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1016-system-network-configuration-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS06uGzUmw6jwzJYjkL","title":"T1082: System Information Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1082-system-information-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS06gqBPYZkUtTTEyDu","title":"T1518: Software Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1518-software-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS06mKEmk4S_nFZRts0","title":"Security Software Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1518-software-discovery/security-software-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"},{"label":"T1518: Software Discovery"}]},{"id":"-MS06XAVKegLOwPYha4Z","title":"T1018: Remote System Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1018-remote-system-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS06OQvOhPY_gQugJ60","title":"T1012: Query Registry","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1012-query-registry","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS06GHMYY9hmqL4EMjB","title":"T1057: Process Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1057-process-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS05v_c0BTEM-yFTuCv","title":"T1069: Permissions Groups Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1069-permissions-groups-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS06-tIaWNKiLW8rmY3","title":"Local Groups","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1069-permissions-groups-discovery/local-groups","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"},{"label":"T1069: Permissions Groups Discovery"}]},{"id":"-MS067DjqwwbdbAIkjax","title":"Domain Groups","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1069-permissions-groups-discovery/domain-groups","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"},{"label":"T1069: Permissions Groups Discovery"}]},{"id":"-MS05kkqCnkW1b6PHpo9","title":"T1120: Peripheral Device Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1120-peripheral-device-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS05c_Rvt7vnJDmRiwo","title":"T1201: Password Policy Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1201-password-policy-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS05RrisTE3WLPANKYO","title":"T1040: Network Sniffing","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1040-network-sniffing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS05LObFGxRHJwVImEQ","title":"T1135: Network Share Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1135-network-share-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS05BEDIyyZ94eZyN24","title":"T1046: Network Servie Scanning","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1046-network-servie-scanning","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS052XIxakHy2PiT8EA","title":"T1083: File and Directory Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1083-file-and-directory-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS04uz6DOiKxOsXDmDO","title":"T1486: Domain Trust Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1486-domain-trust-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS04lBJvCsxDoYfID1a","title":"T1217: Browser Bookmark Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1217-browser-bookmark-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS04aCxl2fgK2370L19","title":"T1010: Application Window Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1010-application-window-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS042gPiwx7QrWPxLcZ","title":"T1087: Account Discovery","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1087-account-discovery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"}]},{"id":"-MS04S26GFZXHPEtIxOe","title":"Domain Account","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1087-account-discovery/domain-account","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"},{"label":"T1087: Account Discovery"}]},{"id":"-MS045CDReXcNgtd3U4j","title":"Local Account","pathname":"/red-team-notes-2-0/red-team-techniques/discovery/t1087-account-discovery/local-account","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Discovery"},{"label":"T1087: Account Discovery"}]},{"id":"-MRkyUDJJ3RPeBP7j9zT","title":"Lateral Movement","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement","siteSpaceId":"sitesp_HMaNd","description":"The adversary is trying to move through your environment","breadcrumbs":[{"label":"Red Team Techniques"}]},{"id":"-MRl2y-_htJRB6ELGscR","title":"T1080: Taint Shared Content","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1080-taint-shared-content","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"-MRl2pAKSPbgsJcs8T_B","title":"T1072: Software Deployment Tools","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1072-software-deployment-tools","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"-MRl13vN9wu42pb2Id0B","title":"T1021: Remote Services","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1021-remote-services","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"-MRl2ctgcgySnbQWlGN2","title":"Windows Remote Management","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1021-remote-services/windows-remote-management","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1021: Remote Services"}]},{"id":"-MRl2Tpuy9Z8vZGyAJNx","title":"VNC","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1021-remote-services/vnc","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1021: Remote Services"}]},{"id":"-MRl1svvReZNc6iBcK6c","title":"Distributed Component Object Model","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1021-remote-services/distributed-component-object-model","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1021: Remote Services"}]},{"id":"-MRl1IPArQZcv6odBz-1","title":"SMB/Windows Admin Shares","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1021-remote-services/smb-windows-admin-shares","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1021: Remote Services"}]},{"id":"-MRl19frGv7uROxXpNJa","title":"Remote Desktop Protocol","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1021-remote-services/remote-desktop-protocol","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1021: Remote Services"}]},{"id":"-MRl0CpGGHp4ILEL5RmW","title":"T1563: Remote Service Session Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1563-remote-service-session-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"-MRl0KgsL9-lhKKj-53q","title":"RDP Hijacking","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1563-remote-service-session-hijacking/rdp-hijacking","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1563: Remote Service Session Hijacking"}]},{"id":"-MRl02qzxSJ3oNa4GTli","title":"T1570: Lateral Tool Transfer","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1570-lateral-tool-transfer","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"-MRl-tAiUKDWBEi-20HN","title":"T1534: Internal Spearphishing","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1534-internal-spearphishing","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"-MRkzP08eXG618p8Omhm","title":"T1210: Exploitation of Remote Services","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1210-exploitation-of-remote-services","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"HgqdYnpfyeuS1P0dNlW1","title":"T1550 Use Alternate Authentication Material","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1550-use-alternate-authentication-material","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"}]},{"id":"hBykfoPRE8aPCojtm2Bp","title":"Pass the Ticket","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1550-use-alternate-authentication-material/pass-the-ticket","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1550 Use Alternate Authentication Material"}]},{"id":"hSACVWMldgA67PqWF2e2","title":"Pass the Hash","pathname":"/red-team-notes-2-0/red-team-techniques/lateral-movement/t1550-use-alternate-authentication-material/pass-the-hash","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Techniques"},{"label":"Lateral Movement"},{"label":"T1550 Use Alternate Authentication Material"}]},{"id":"-MWuINHBjv_O0-JW71ay","title":"Active Directory","pathname":"/red-team-notes-2-0/active-directory/active-directory","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-MWuIa8_LCgOUeXELrzL","title":"Lightweight Directory Access Protocol","pathname":"/red-team-notes-2-0/active-directory/active-directory/lightweight-directory-access-protocol","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory"}]},{"id":"-MWuIlS3oaAfcKWjGxcM","title":"Kerberos","pathname":"/red-team-notes-2-0/active-directory/active-directory/kerberos","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory"}]},{"id":"-MWuIqwjlYJKQCC9xbYy","title":"Forest, Tress and Domains","pathname":"/red-team-notes-2-0/active-directory/active-directory/forest-tress-and-domains","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory"}]},{"id":"-MWuJ4nIhSgOeDb1T9t4","title":"Active Directory Attacks","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-MWuJCa7N94X2tOQnarJ","title":"Kerberoasting","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/kerberoasting","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"-MWuJTQ0riUc1izd84Qt","title":"Unconstrained Delegation","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/unconstrained-delegation","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"-MWuJqG2VqW2jKVbC0Fn","title":"Constrained Delegation","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/constrained-delegation","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"-MWuKBcwIDi2e2FReJ5H","title":"DCSync","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/dcsync","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"-MWuKJwYqz2gGgwwiGg0","title":"Golden Tickets","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/golden-tickets","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"-MWuL0G_6V752tH-inUU","title":"Silver Tickets","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/silver-tickets","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"-MWuKe2pehupShg5ukP9","title":"Skeleton Keys","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/skeleton-keys","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"NlYgwgLnlOBEOgS1Zb2h","title":"Active Directory Certificate Services","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/active-directory-certificate-services","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"68kVonpEY9pksTKtJ9JS","title":"NTLMRelay","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/ntlmrelay","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"-MXP5IkP-wQBlzVa4sBy","title":"AS-REP Roasting","pathname":"/red-team-notes-2-0/active-directory/active-directory-attacks/as-rep-roasting","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Active Directory"},{"label":"Active Directory Attacks"}]},{"id":"dxThCS5jXiZaQvGjl6xy","title":"RED TEAM INFRASTRUCTURE","pathname":"/red-team-notes-2-0/red-team-infrastructure/red-team-infrastructure","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"}]},{"id":"heF2HZprgJKeC1zReOR7","title":"Domain Name and Categorization","pathname":"/red-team-notes-2-0/red-team-infrastructure/domain-name-and-categorization","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"}]},{"id":"f5vVz1lS5hIFAYYdUo4D","title":"Reconnaissance","pathname":"/red-team-notes-2-0/red-team-infrastructure/reconnaissance","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"}]},{"id":"LgtX1KwDKBxcru8Xm3h8","title":"Passive","pathname":"/red-team-notes-2-0/red-team-infrastructure/reconnaissance/passive","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Reconnaissance"}]},{"id":"SjDjy4fLUdmg02LgQyJq","title":"Active","pathname":"/red-team-notes-2-0/red-team-infrastructure/reconnaissance/active","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Reconnaissance"}]},{"id":"LGm9bBfYSTDdOXYDh3g0","title":"Weaponization","pathname":"/red-team-notes-2-0/red-team-infrastructure/weaponization","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"}]},{"id":"Jh5t0QagEAdI2s8wuaYF","title":"Macros","pathname":"/red-team-notes-2-0/red-team-infrastructure/weaponization/macros","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Weaponization"}]},{"id":"eRuuS5Z3iq3BrXaNBqRw","title":"HTA","pathname":"/red-team-notes-2-0/red-team-infrastructure/weaponization/hta","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Weaponization"}]},{"id":"uAS6g3Cgnm6HdhjPlASq","title":"ZIP","pathname":"/red-team-notes-2-0/red-team-infrastructure/weaponization/zip","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Weaponization"}]},{"id":"dVOmnA5lO17RzgXEvE98","title":"ISO","pathname":"/red-team-notes-2-0/red-team-infrastructure/weaponization/iso","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Weaponization"}]},{"id":"wGRB2Y6TnIKEUHfjxXby","title":"Delivery","pathname":"/red-team-notes-2-0/red-team-infrastructure/delivery","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"}]},{"id":"ylhILtZ1gBvrDWBc03O9","title":"Gophish","pathname":"/red-team-notes-2-0/red-team-infrastructure/delivery/gophish","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Delivery"}]},{"id":"qrABCU7iVG6i8BtRJFVZ","title":"EvilGinx","pathname":"/red-team-notes-2-0/red-team-infrastructure/delivery/evilginx","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Delivery"}]},{"id":"3AhgljEkcaP8nVok3k8x","title":"PwnDrop","pathname":"/red-team-notes-2-0/red-team-infrastructure/delivery/pwndrop","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Red Team Infrastructure"},{"label":"Delivery"}]},{"id":"dJ1nzevzNpSiPMedurPe","title":"Situational Awareness","pathname":"/red-team-notes-2-0/situational-awareness","siteSpaceId":"sitesp_HMaNd","description":""},{"id":"PZqCFsAdaZEZtYSJfrIn","title":"Covenant and C#","pathname":"/red-team-notes-2-0/situational-awareness/covenant-and-c","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Situational Awareness"}]},{"id":"37oRQK7pWaRy0ZR2G60T","title":"Empire and PowerShell","pathname":"/red-team-notes-2-0/situational-awareness/empire-and-powershell","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Situational Awareness"}]},{"id":"9CvCU8v2VtqoFZtqpOAR","title":"Credential Dumping","pathname":"/red-team-notes-2-0/credential-dumping","siteSpaceId":"sitesp_HMaNd","description":""},{"id":"ru3Scjmc7So4XEPUHG4R","title":"Mimikatz","pathname":"/red-team-notes-2-0/credential-dumping/mimikatz","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Credential Dumping"}]},{"id":"OtnJvGIPM3HjqJO9OxiK","title":"Lsass Dumping","pathname":"/red-team-notes-2-0/credential-dumping/lsass-dumping","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Credential Dumping"}]},{"id":"AZG59ODswVyDnEZO58t1","title":"SharpChromium","pathname":"/red-team-notes-2-0/credential-dumping/sharpchromium","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Credential Dumping"}]},{"id":"F53uj4vOiSrRxM5mfpIQ","title":"Persistence","pathname":"/red-team-notes-2-0/persistence","siteSpaceId":"sitesp_HMaNd","description":""},{"id":"5Pj67YbkghVp2J3QSQld","title":"Userland Persistence","pathname":"/red-team-notes-2-0/persistence/userland-persistence","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Persistence"}]},{"id":"NqzByHTt1f0BhnXS7i4i","title":"Elevated Persistence","pathname":"/red-team-notes-2-0/persistence/elevated-persistence","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Persistence"}]},{"id":"l2w05KGtBqiVHWIHd6jl","title":"Defense Evasion","pathname":"/red-team-notes-2-0/defense-evasion","siteSpaceId":"sitesp_HMaNd","description":""},{"id":"pjWkI6sB08K7plyyJcWY","title":"Disable or Modify Tools","pathname":"/red-team-notes-2-0/defense-evasion/disable-or-modify-tools","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Defense Evasion"}]},{"id":"WFYkXDdu6hY1rV9RbLdm","title":"Obfuscating Files","pathname":"/red-team-notes-2-0/defense-evasion/obfuscating-files","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Defense Evasion"}]},{"id":"EXbadxJczB9j5sEK51NS","title":"Privilege Escalation","pathname":"/red-team-notes-2-0/privilege-escalation","siteSpaceId":"sitesp_HMaNd","description":""},{"id":"4mLitugIduQiZwDS1Ttq","title":"PowerUp","pathname":"/red-team-notes-2-0/privilege-escalation/powerup","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Privilege Escalation"}]},{"id":"OYxtjZlxakYm1ClP0vmF","title":"PrivescCheck","pathname":"/red-team-notes-2-0/privilege-escalation/privesccheck","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Privilege Escalation"}]},{"id":"hO1ER1g72qKgH3RzpH0L","title":"Lateral Movement","pathname":"/red-team-notes-2-0/lateral-movement","siteSpaceId":"sitesp_HMaNd","description":""},{"id":"4bRub9bfKPblQN5bQB8K","title":"RDP","pathname":"/red-team-notes-2-0/lateral-movement/rdp","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Lateral Movement"}]},{"id":"SNs653gqTP6WuKeArQ9m","title":"PowerShell Remoting","pathname":"/red-team-notes-2-0/lateral-movement/powershell-remoting","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Lateral Movement"}]},{"id":"LChgsi8iRvp2e2ygIQYE","title":"Red Team Guide","pathname":"/red-team-notes-2-0/files/red-team-guide","siteSpaceId":"sitesp_HMaNd","description":"","breadcrumbs":[{"label":"Files"}]}]}