Update README.md
parent
f9a623005d
commit
ba2670fea6
|
@ -71,6 +71,7 @@ This document was designed to be a useful, informational asset for those looking
|
|||
### Insecure Group Policy Object Permission Rights
|
||||
* [Abusing GPO Permissions](https://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/)
|
||||
* [A Red Teamer’s Guide to GPOs and OUs](https://wald0.com/?p=179)
|
||||
* [File templates for GPO Abuse](https://github.com/rasta-mouse/GPO-Abuse)
|
||||
|
||||
### Insecure ACLs Permission Rights
|
||||
* [Exploiting Weak Active Directory Permissions With Powersploit](https://blog.stealthbits.com/exploiting-weak-active-directory-permissions-with-powersploit/)
|
||||
|
@ -275,6 +276,7 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c
|
|||
|Kerberoasting|4769: A Kerberos ticket was requested|
|
||||
|Lateral Movement|4688: A new process has been created<br>4689: A process has exited<br>4624: An account was successfully logged on<br>4625: An account failed to log on|
|
||||
|DCSync|4662: An operation was performed on an object|
|
||||
|Password Spraying|4625: An account failed to log on<br>4771: Kerberos pre-authentication failed<br>4648: A logon was attempted using explicit credentials|
|
||||
|
||||
### Resources
|
||||
* [Reducing the Active Directory Attack Surface](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/reducing-the-active-directory-attack-surface)
|
||||
|
@ -312,6 +314,7 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c
|
|||
* [Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)
|
||||
* [Hunting For In-Memory .NET Attacks](https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks)
|
||||
* [Mimikatz Overview, Defenses and Detection](https://www.sans.org/reading-room/whitepapers/detection/mimikatz-overview-defenses-detection-36780)
|
||||
* [Trimarc Research: Detecting Password Spraying with Security Event Auditing](https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing)
|
||||
* [Hunting for Gargoyle Memory Scanning Evasion](https://www.countercept.com/blog/hunting-for-gargoyle/)
|
||||
* [Planning and getting started on the Windows Defender Application Control deployment process](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
|
||||
* [How to Go from Responding to Hunting with Sysinternals Sysmon](https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow)
|
||||
|
|
Loading…
Reference in New Issue