Adding references for Altered Security labs

2024-05-24 10:48:55 +02:00 · 2024-05-24 10:48:55 +02:00 · 0dfaec828b
parent 402412c6fe
commit 0dfaec828b
27 changed files with 65 additions and 25 deletions
--- a/docs/active-directory/ad-adds-acl-ace.md
+++ b/docs/active-directory/ad-adds-acl-ace.md
@ -256,3 +256,4 @@ An attacker can change the password of the user this ACE applies to:
 * [ACE to RCE - @JustinPerdok - July 24, 2020](https://sensepost.com/blog/2020/ace-to-rce/)
 * [Access Control Entries (ACEs) - The Hacker Recipes - @_nwodtuhs](https://www.thehacker.recipes/active-directory-domain-services/movement/abusing-aces)
 * [Escalating privileges with ACLs in Active Directory - April 26, 2018 - Rindert Kramer and Dirk-jan Mollema](https://blog.fox-it.com/2018/04/26/escalating-privileges-with-acls-in-active-directory/)
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/active-directory/ad-adds-enumerate.md
+++ b/docs/active-directory/ad-adds-enumerate.md
@ -353,4 +353,5 @@ Enumerate users from the Domain Controllers.
 * [Penetration Testing Active Directory, Part II - March 12, 2019 - Hausec](https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/)
 * [Using bloodhound to map the user network - Hausec](https://hausec.com/2017/10/26/using-bloodhound-to-map-the-user-network/)
 * [PowerView 3.0 Tricks - HarmJ0y](https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993)
-* [SOAPHound - tool to collect Active Directory data via ADWS - Nikos Karouzos - 01/26/204](https://medium.com/falconforce/soaphound-tool-to-collect-active-directory-data-via-adws-165aca78288c)
+* [SOAPHound - tool to collect Active Directory data via ADWS - Nikos Karouzos - 01/26/204](https://medium.com/falconforce/soaphound-tool-to-collect-active-directory-data-via-adws-165aca78288c)
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/active-directory/ad-adds-group-policy-objects.md
+++ b/docs/active-directory/ad-adds-group-policy-objects.md
@ -112,4 +112,5 @@ StandIn.exe --gpo --filter Shards --tasktype computer --taskname Liber --author
 * [GPO Abuse - Part 2 - RastaMouse - 13 January 2019](https://rastamouse.me/2019/01/gpo-abuse-part-2/)
 * [Abusing GPO Permissions - harmj0y - March 17, 2016](https://www.harmj0y.net/blog/redteaming/abusing-gpo-permissions/)
 * [GPO Abuse: "You can't see me" - Huy Kha -  July 19, 2019](https://pentestmag.com/gpo-abuse-you-cant-see-me/)
-* [A Red Teamer’s Guide to GPOs and OUs - APRIL 2, 2018 - @_wald0](https://wald0.com/?p=179)
+* [A Red Teamer’s Guide to GPOs and OUs - APRIL 2, 2018 - @_wald0](https://wald0.com/?p=179)
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/active-directory/ad-roasting-kerberoasting.md
+++ b/docs/active-directory/ad-roasting-kerberoasting.md
@ -90,4 +90,5 @@ Then crack the ticket using the correct hashcat mode (`$krb5tgs$23`= `etype 23`)
 * [Abusing Kerberos: Kerberoasting - Haboob Team](https://www.exploit-db.com/docs/english/45051-abusing-kerberos---kerberoasting.pdf)
 * [Invoke-Kerberoast - Powersploit Read the docs](https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/)
 * [Kerberoasting - Part 1 - Mubix “Rob” Fuller](https://room362.com/post/2016/kerberoast-pt1/)
-* [Post-OSCP Series Part 2 - Kerberoasting - 16 APRIL 2019 - Jon Hickman](https://0metasecurity.com/post-oscp-part-2/)
+* [Post-OSCP Series Part 2 - Kerberoasting - 16 APRIL 2019 - Jon Hickman](https://0metasecurity.com/post-oscp-part-2/)
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/active-directory/deployment-sccm.md
+++ b/docs/active-directory/deployment-sccm.md
@ -2,11 +2,19 @@

 > SCCM is a solution from Microsoft to enhance administration in a scalable way across an organisation.

+
 ## SCCM Application Deployment

+> Application Deployment is a process that involves packaging software applications and distributing them to selected computers or devices within an organization
+
+**Tools**:
+
 * [PowerShellMafia/PowerSCCM - PowerShell module to interact with SCCM deployments](https://github.com/PowerShellMafia/PowerSCCM)
 * [nettitude/MalSCCM - Abuse local or remote SCCM servers to deploy malicious applications to hosts they manage](https://github.com/nettitude/MalSCCM)

+
+**Exploitation**:
+
 * Using **SharpSCCM**
  ```ps1
  .\SharpSCCM.exe get devices --server <SERVER8NAME> --site-code <SITE_CODE>
--- a/docs/active-directory/pwd-read-laps.md
+++ b/docs/active-directory/pwd-read-laps.md
@ -85,4 +85,9 @@ The members of the group **"Account Operator"** can add and modify all the non a
 ```ps1
 Add-DomainGroupMember -Identity 'LAPS ADM' -Members 'user1' -Credential $cred -Domain "domain.local"
 Add-DomainGroupMember -Identity 'LAPS READ' -Members 'user1' -Credential $cred -Domain "domain.local"
-```
+```
+
+
+## References
+
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/active-directory/trust-relationship.md
+++ b/docs/active-directory/trust-relationship.md
@ -45,4 +45,5 @@
 ## References

 * [External Trusts Are Evil - 14 March 2023 - Charlie Clark (@exploitph)](https://exploit.ph/external-trusts-are-evil.html)
-* [Carlos Garcia - Rooted2019 - Pentesting Active Directory Forests public.pdf](https://www.dropbox.com/s/ilzjtlo0vbyu1u0/Carlos%20Garcia%20-%20Rooted2019%20-%20Pentesting%20Active%20Directory%20Forests%20public.pdf?dl=0)
+* [Carlos Garcia - Rooted2019 - Pentesting Active Directory Forests public.pdf](https://www.dropbox.com/s/ilzjtlo0vbyu1u0/Carlos%20Garcia%20-%20Rooted2019%20-%20Pentesting%20Active%20Directory%20Forests%20public.pdf?dl=0)
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/active-directory/trust-sid-hijacking.md
+++ b/docs/active-directory/trust-sid-hijacking.md
@ -17,4 +17,9 @@ By default the first domain created if the Forest Root.
 - Create golden ticket and attack parent domain. 
    ```powershell
    kerberos::golden /user:Administrator /krbtgt:HASH_KRBTGT /domain:domain.local /sid:S-1-5-21-2941561648-383941485-1389968811 /sids:S-1-5-SID-SECOND-DOMAIN-519 /ptt
-    ```
+    ```
+
+
+## References
+
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/active-directory/trust-ticket.md
+++ b/docs/active-directory/trust-ticket.md
@ -34,4 +34,9 @@ Inject the ST file and access the targeted service with the spoofed rights.
 ```powershell
 kirbikator lsa .\ticket.kirbi
 ls \\machine.domain.local\c$
-```
+```
+
+
+## References
+
+* [Training - Attacking and Defending Active Directory Lab - Altered Security](https://www.alteredsecurity.com/adlab)
--- a/docs/cloud/azure/azure-access-and-token.md
+++ b/docs/cloud/azure/azure-access-and-token.md
@ -378,4 +378,5 @@ Use the user account to create a computer and request a PRT
 * [Attacking Azure Cloud shell - Karl Fosaaen - December 10, 2019](https://blog.netspi.com/attacking-azure-cloud-shell/)
 * [Azure AD Pass The Certificate - Mor - Aug 19, 2020](https://medium.com/@mor2464/azure-ad-pass-the-certificate-d0c5de624597)
 * [Azure Privilege Escalation Using Managed Identities - Karl Fosaaen - February 20th, 2020](https://blog.netspi.com/azure-privilege-escalation-using-managed-identities/)
-* [Hunting Azure Admins for Vertical Escalation - LEE KAGAN - MARCH 13, 2020](https://www.lares.com/hunting-azure-admins-for-vertical-escalation/)
+* [Hunting Azure Admins for Vertical Escalation - LEE KAGAN - MARCH 13, 2020](https://www.lares.com/hunting-azure-admins-for-vertical-escalation/)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-ad-connect.md
+++ b/docs/cloud/azure/azure-ad-connect.md
@ -122,4 +122,5 @@ Using [https://autologon.microsoftazuread-sso.com/](https://autologon.microsofta
 * [Windows Azure Active Directory in plain English - Openness AtCEE - Jan 9, 2014](https://www.youtube.com/watch?v=IcSATObaQZE)
 * [Azure AD connect for RedTeam - Adam Chester @xpnsec -  2019-02-18](https://blog.xpnsec.com/azuread-connect-for-redteam/)
 * [Azure AD Kerberos Tickets: Pivoting to the Cloud - Edwin David - February 09, 2023](https://trustedsec.com/blog/azure-ad-kerberos-tickets-pivoting-to-the-cloud)
-* [DUMPING NTHASHES FROM MICROSOFT ENTRA ID - Secureworks](https://www.secureworks.com/research/dumping-nthashes-from-microsoft-entra-id)
+* [DUMPING NTHASHES FROM MICROSOFT ENTRA ID - Secureworks](https://www.secureworks.com/research/dumping-nthashes-from-microsoft-entra-id)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-devices-users-sp.md
+++ b/docs/cloud/azure/azure-devices-users-sp.md
@ -173,4 +173,5 @@ roadtx findscope -s https://graph.microsoft.com/mail.read
 * [Pentesting Azure Mindmap](https://github.com/synacktiv/Mindmaps)
 * [AZURE AD cheatsheet - BlackWasp](https://hideandsec.sh/books/cheatsheets-82c/page/azure-ad)
 * [Moving laterally between Azure AD joined machines - Tal Maor - Mar 17, 2020](https://medium.com/@talthemaor/moving-laterally-between-azure-ad-joined-machines-ed1f8871da56)
-* [AZURE AD INTRODUCTION FOR RED TEAMERS - Aymeric Palhière (bak) - 2020-04-20](https://www.synacktiv.com/posts/pentest/azure-ad-introduction-for-red-teamers.html)
+* [AZURE AD INTRODUCTION FOR RED TEAMERS - Aymeric Palhière (bak) - 2020-04-20](https://www.synacktiv.com/posts/pentest/azure-ad-introduction-for-red-teamers.html)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-enumeration.md
+++ b/docs/cloud/azure/azure-enumeration.md
@ -250,4 +250,5 @@ Invoke-MFASweep -Username targetuser@targetdomain.com -Password Winter2020 -Reco

 * [Bypassing conditional access by faking device compliance - @DrAzureAD - September 06, 2020](https://o365blog.com/post/mdm/)
 * [CARTP-cheatsheet - Azure AD cheatsheet for the CARTP course](https://github.com/0xJs/CARTP-cheatsheet/blob/main/Authenticated-enumeration.md)
-* [Attacking Azure/Azure AD and introducing Powerzure - SpecterOps - Ryan Hausknecht - Jan 28, 2020](https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a)
+* [Attacking Azure/Azure AD and introducing Powerzure - SpecterOps - Ryan Hausknecht - Jan 28, 2020](https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-persistence.md
+++ b/docs/cloud/azure/azure-persistence.md
@ -43,4 +43,5 @@ Add-AzureADGroupMember -ObjectId <group_id> -RefObjectId <user_id> -Verbose
 ## References

 * [Maintaining Azure Persistence via automation accounts - Karl Fosaaen - September 12, 2019](https://blog.netspi.com/maintaining-azure-persistence-via-automation-accounts/)
-* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
+* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-phishing.md
+++ b/docs/cloud/azure/azure-phishing.md
@ -142,4 +142,5 @@ roadtx codeauth -c <app-id> -r msgraph -t <tenant-id> <0.A....> -ru 'https://<ph
 * [Learn with @trouble1_raunak: Cloud Pentesting - Azure (Illicit Consent Grant Attack) - trouble1_raunak - Jun 6, 2021](https://www.youtube.com/watch?v=51FSvndgddk&list=WL)
 * [The Art of the Device Code Phish - Bobby Cooke - July 12, 2021](https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html)
 * [Power Pwn - Black Hat Arsenal 2023 - Aug 24, 2023](https://www.youtube.com/watch?v=LpdckZyBwvs)
-* [Low Code High Risk - Enterprise Domination via Low Code Abuse - Defcon 30 - Oct 20, 2022](https://www.youtube.com/watch?v=D3A62Rzozq4)
+* [Low Code High Risk - Enterprise Domination via Low Code Abuse - Defcon 30 - Oct 20, 2022](https://www.youtube.com/watch?v=D3A62Rzozq4)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-requirements.md
+++ b/docs/cloud/azure/azure-requirements.md
@ -34,4 +34,5 @@ Subscriptions:
 ## References

 * [Az - Permissions for a Pentest - HackTricks](https://cloud.hacktricks.xyz/pentesting-cloud/azure-security/az-permissions-for-a-pentest)
-* [An introduction to penetration testing Azure - HollyGraceful - 06 August 2021](https://akimbocore.com/article/introduction-to-pentesting-azure/)
+* [An introduction to penetration testing Azure - HollyGraceful - 06 August 2021](https://akimbocore.com/article/introduction-to-pentesting-azure/)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-application-endpoint.md
+++ b/docs/cloud/azure/azure-services-application-endpoint.md
@ -11,4 +11,4 @@

 ## References

-* []()
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-application-proxy.md
+++ b/docs/cloud/azure/azure-services-application-proxy.md
@ -14,4 +14,4 @@

 ## References

-* []()
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-deployment-template.md
+++ b/docs/cloud/azure/azure-services-deployment-template.md
@ -17,4 +17,4 @@

 ## References

-* []()
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-devops.md
+++ b/docs/cloud/azure/azure-services-devops.md
@ -140,4 +140,5 @@ You can access an organization's Azure DevOps Services instance via https://dev.

 ## References

-* [Hiding in the Clouds: Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules - Brett Hawkins - November 6, 2023](https://www.ibm.com/downloads/cas/5JKAPVYD)
+* [Hiding in the Clouds: Abusing Azure DevOps Services to Bypass Microsoft Sentinel Analytic Rules - Brett Hawkins - November 6, 2023](https://www.ibm.com/downloads/cas/5JKAPVYD)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-keyvault.md
+++ b/docs/cloud/azure/azure-services-keyvault.md
@ -34,4 +34,5 @@

 ## References

-* [Get-AzurePasswords: A Tool for Dumping Credentials from Azure Subscriptions - August 28, 2018 - Karl Fosaaen](https://www.netspi.com/blog/technical/cloud-penetration-testing/get-azurepasswords/)
+* [Get-AzurePasswords: A Tool for Dumping Credentials from Azure Subscriptions - August 28, 2018 - Karl Fosaaen](https://www.netspi.com/blog/technical/cloud-penetration-testing/get-azurepasswords/)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-microsoft-intune.md
+++ b/docs/cloud/azure/azure-services-microsoft-intune.md
@ -33,4 +33,5 @@ Requirements:

 ## References

-* [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview)
+* [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-office-365.md
+++ b/docs/cloud/azure/azure-services-office-365.md
@ -30,4 +30,5 @@ Get-MgDrive -top 1

 ## References

-* [Pentesting Azure Mindmap - Alexis Danizan](https://github.com/synacktiv/Mindmaps)
+* [Pentesting Azure Mindmap - Alexis Danizan](https://github.com/synacktiv/Mindmaps)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-runbook.md
+++ b/docs/cloud/azure/azure-services-runbook.md
@ -85,4 +85,4 @@ Get-AzAutomationAccount | Get-AzAutomationDscConfiguration | where {$_.name -mar

 ## References

-* []()
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-storage-blob.md
+++ b/docs/cloud/azure/azure-services-storage-blob.md
@ -45,4 +45,4 @@ PS Az> (Get-AzStorageAccount | Get-AzStorageContainer).cloudBlobContainer | sele

 ## References

-* []()
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-virtual-machine.md
+++ b/docs/cloud/azure/azure-services-virtual-machine.md
@ -45,4 +45,5 @@ Invoke-AzureRmVMBulkCMD -Script Mimikatz.ps1 -Verbose -output Output.txt

 ## References

-* [Running Powershell scripts on Azure VM - Karl Fosaaen - November 6, 2018](https://blog.netspi.com/running-powershell-scripts-on-azure-vms/)
+* [Running Powershell scripts on Azure VM - Karl Fosaaen - November 6, 2018](https://blog.netspi.com/running-powershell-scripts-on-azure-vms/)
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)
--- a/docs/cloud/azure/azure-services-web-apps.md
+++ b/docs/cloud/azure/azure-services-web-apps.md
@ -31,4 +31,4 @@ az webapp create-remote-connection --subscription <SUBSCRIPTION-ID> --resource-g

 ## References

-* []()
+* [Training - Attacking and Defending Azure Lab - Altered Security](https://www.alteredsecurity.com/azureadlab)