infosecn1nja
/
AD-Attack-Defense
mirror of https://github.com/infosecn1nja/AD-Attack-Defense.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

pull/1/head
Rahmat Nurfauzi 2018-11-20 10:35:47 +07:00 committed by GitHub
parent f9a623005d
commit ba2670fea6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -71,6 +71,7 @@ This document was designed to be a useful, informational asset for those looking
### Insecure Group Policy Object Permission Rights
* [Abusing GPO Permissions](https://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/)
* [A Red Teamers Guide to GPOs and OUs](https://wald0.com/?p=179)
* [File templates for GPO Abuse](https://github.com/rasta-mouse/GPO-Abuse)
### Insecure ACLs Permission Rights
* [Exploiting Weak Active Directory Permissions With Powersploit](https://blog.stealthbits.com/exploiting-weak-active-directory-permissions-with-powersploit/)
@ -275,6 +276,7 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c
|Kerberoasting|4769: A Kerberos ticket was requested|
|Lateral Movement|4688: A new process has been created<br>4689: A process has exited<br>4624: An account was successfully logged on<br>4625: An account failed to log on|
|DCSync|4662: An operation was performed on an object|
|Password Spraying|4625: An account failed to log on<br>4771: Kerberos pre-authentication failed<br>4648: A logon was attempted using explicit credentials|
### Resources
* [Reducing the Active Directory Attack Surface](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/reducing-the-active-directory-attack-surface)
@ -312,6 +314,7 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c
* [Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)
* [Hunting For In-Memory .NET Attacks](https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks)
* [Mimikatz Overview, Defenses and Detection](https://www.sans.org/reading-room/whitepapers/detection/mimikatz-overview-defenses-detection-36780)
* [Trimarc Research: Detecting Password Spraying with Security Event Auditing](https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing)
* [Hunting for Gargoyle Memory Scanning Evasion](https://www.countercept.com/blog/hunting-for-gargoyle/)
* [Planning and getting started on the Windows Defender Application Control deployment process](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
* [How to Go from Responding to Hunting with Sysinternals Sysmon](https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow)