# Infiltr8: The Red-Book ## Infiltr8: The Red-Book - [The Red-Book](https://red.infiltr8.io/readme.md): The Art of Offensive CyberSecurity - [Reconnaissance](https://red.infiltr8.io/redteam/recon.md): MITRE ATT\&CK™ Reconnaissance - Tactic TA0043 - [DNS Enumeration](https://red.infiltr8.io/redteam/recon/dns-enum.md): MITRE ATT\&CK™ Gather Victim Network Information: DNS - T1590.002 - [Subdomains enumeration](https://red.infiltr8.io/redteam/recon/subdomains-enumeration.md) - [Email Harvesting](https://red.infiltr8.io/redteam/recon/email-harvesting.md): MITRE ATT\&CK™ Account Discovery - Technique T1087 - [Host Discovery](https://red.infiltr8.io/redteam/recon/host-discovery.md) - [TCP/UDP Service Scanning](https://red.infiltr8.io/redteam/recon/tcp-udp-service-scanning.md): MITRE ATT\&CK™ Network Service Discovery - Technique T1046 - [Vulnerability Scanning](https://red.infiltr8.io/redteam/recon/vulnerability-scanning.md): MITRE ATT\&CK™ Active Scanning: Vulnerability Scanning - Technique T1595.002 - [Google Dorks](https://red.infiltr8.io/redteam/recon/google-dorks.md) - [GitHub Recon](https://red.infiltr8.io/redteam/recon/open-source-code.md): MITRE ATT\&CK™ Data from Information Repositories - Technique T1213 - [Files Metadata](https://red.infiltr8.io/redteam/recon/files-metadata.md) - [Maltego](https://red.infiltr8.io/redteam/recon/maltego.md) - [Specialized Search Engines](https://red.infiltr8.io/redteam/recon/specialized-search-engines.md) - [Execution](https://red.infiltr8.io/redteam/weapon.md): MITRE ATT\&CK™ Execution - Tactic TA0002 - [Code & Process Injection](https://red.infiltr8.io/redteam/weapon/code-and-process-injection.md) - [Loading .NET Reflective Assembly](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/.net-reflective-assembly.md): MITRE ATT\&CK™ Reflective Code Loading - Technique T1620 - [Loading .NET Assembly from Windows Script Hosting](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/.net-assembly-from-windows-script-hosting.md): MITRE ATT\&CK™ Reflective Code Loading - Technique T1620 - [Process Hollowing](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/process-hollowing.md): MITRE ATT\&CK™ Process Injection: Process Hollowing - Technique T1055.012 - [WndProc Callback Shellcode Execution](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/wndproc-callback-shellcode-execution.md) - [Fibers Shellcode Execution](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/fibers-shellcode-execution.md) - [Vector Exception Handler Shellcode Execution](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/vector-exception-handler-shellcode-execution.md) - [NtQueueApcThread & NtTestAlert Shellcode Execution](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/ntqueueapcthread-and-nttestalert-shellcode-execution.md): MITRE ATT\&CK™ Process Injection: Asynchronous Procedure Call - Technique T1055.004 - [Thread Pool Callback Shellcode Execution](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/thread-pool-callback-shellcode-execution.md) - [Module Stomping Shellcode Injection](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/module-stomping-shellcode-injection.md) - [Remote .NET Assembly Loading through WaaSRemediation DCOM Abuse](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/remote-.net-assembly-loading-through-waasremediation-dcom-abuse.md) - [DLL Injection](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/dll-injection.md) - [CreateRemoteThread Injection](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/createremotethread-injection.md) - [Reflective DLL Injection](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/reflective-dll-injection.md) - [NtMapViewOfSection Injection](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/ntmapviewofsection-injection.md) - [SetWindowHookEx Injection](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/setwindowhookex-injection.md) - [PoolParty](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/poolparty.md) - [MockingJay](https://red.infiltr8.io/redteam/weapon/code-and-process-injection/mockingjay.md) - [Code Execution](https://red.infiltr8.io/redteam/weapon/code-execution.md) - [CMSTP](https://red.infiltr8.io/redteam/weapon/code-execution/cmstp.md) - [MSBuild](https://red.infiltr8.io/redteam/weapon/code-execution/msbuild.md) - [MSHTA](https://red.infiltr8.io/redteam/weapon/code-execution/mshta.md) - [Microsoft Office Execution](https://red.infiltr8.io/redteam/weapon/code-execution/microsoft-office-execution.md) - [Windows Script Host (WSH)](https://red.infiltr8.io/redteam/weapon/code-execution/wsh.md) - [Outlook Home Page Abuse (Specula)](https://red.infiltr8.io/redteam/weapon/code-execution/outlook-home-page-abuse-specula.md) - [Powershell Without Powershell.exe](https://red.infiltr8.io/redteam/weapon/code-execution/whithout-powershell.md) - [RegSrv32](https://red.infiltr8.io/redteam/weapon/code-execution/regsrv32.md) - [Scheduled Tasks](https://red.infiltr8.io/redteam/weapon/code-execution/scheduled-tasks.md): MITRE ATT\&CK™ Scheduled Task/Job - Technique T1053.002 - [Services](https://red.infiltr8.io/redteam/weapon/code-execution/services.md): MITRE ATT\&CK™ System Services - Service Execution - Technique T1569.002 - [Windows Library Files](https://red.infiltr8.io/redteam/weapon/code-execution/windows-library-files.md) - [HTML Help Files](https://red.infiltr8.io/redteam/weapon/code-execution/html-help-files.md) - [WMI](https://red.infiltr8.io/redteam/weapon/code-execution/wmic.md): MITRE ATT\&CK™ Windows Management Instrumentation - Technique T1047 - [Script Exploits](https://red.infiltr8.io/redteam/weapon/code-execution/script-exploits.md) - [Sliver](https://red.infiltr8.io/redteam/weapon/code-execution/sliver.md) - [Initial Access](https://red.infiltr8.io/redteam/delivery.md): MITRE ATT\&CK™ Initial Access - Tactic TA0001 - [Network Services](https://red.infiltr8.io/redteam/delivery/network-services.md) - [Password Attacks](https://red.infiltr8.io/redteam/delivery/password-attacks.md) - [Phishing](https://red.infiltr8.io/redteam/delivery/phishing.md) - [HTML Smuggling](https://red.infiltr8.io/redteam/delivery/phishing/html-smuggling.md): MITRE ATT\&CK™ Obfuscated Files or Information: HTML Smuggling - Technique T1027.006 - [Phishing with Calendars (.ICS Files)](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-calendars-.ics-files.md) - [Phishing With Microsoft Office](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-ms-office.md) - [MS Office - VBA (Macros)](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-ms-office/vba.md) - [MS Office - RTF Files RCE](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-ms-office/ms-word-rtf-files-rce.md) - [MS Office - Custom XML parts](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-ms-office/ms-office-custom-xml-parts.md) - [MS Office - Excel 4.0 (XLM) Macros](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-ms-office/ms-office-excel-4.0-xlm-macros.md) - [MS Office - VBA Stomping](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-ms-office/ms-office-vba-stomping.md): MITRE ATT\&CK™ Hide Artifacts: VBA Stomping - Technique T1564.007 - [MS Office - Remote Dotm Template Injection](https://red.infiltr8.io/redteam/delivery/phishing/phishing-with-ms-office/ms-office-remote-dotm-template-injection.md) - [Phishing via Proxy](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy.md) - [Adversary in the Middle (AitM) Phishing](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/adversary-in-the-middle-aitm-phishing.md): MITRE ATT\&CK™ Adversary-in-the-Middle - Technique T1557 - [EvilGoPhish](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/adversary-in-the-middle-aitm-phishing/evilgophish.md): MITRE ATT\&CK™ Adversary-in-the-Middle - Technique T1557 - [Evilginx](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/adversary-in-the-middle-aitm-phishing/evilginx.md): MITRE ATT\&CK™ Adversary-in-the-Middle - Technique T1557 - [Muraena](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/adversary-in-the-middle-aitm-phishing/muraena.md): MITRE ATT\&CK™ Adversary-in-the-Middle - Technique T1557 - [Modlishka](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/adversary-in-the-middle-aitm-phishing/modlishka.md): MITRE ATT\&CK™ Adversary-in-the-Middle - Technique T1557 - [Browser in the Middle (BitM) Phishing](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/browser-in-the-middle-bitm-phishing.md) - [cuddlephish](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/browser-in-the-middle-bitm-phishing/cuddlephish.md) - [EvilnoVNC](https://red.infiltr8.io/redteam/delivery/phishing/phishing-via-proxy/browser-in-the-middle-bitm-phishing/evilnovnc.md) - [Persistence](https://red.infiltr8.io/redteam/persistence.md): MITRE ATT\&CK™ Persistence - Tactic TA0003 - [Active Directory](https://red.infiltr8.io/redteam/persistence/active-directory.md) - [Windows](https://red.infiltr8.io/redteam/persistence/windows.md) - [Accessibility features Backdoor](https://red.infiltr8.io/redteam/persistence/windows/accessibility-features-backdoor.md): MITRE ATT\&CK™ Event Triggered Execution - Accessibility Features - Technique T1546.008 - [AEDebug Keys Persistence](https://red.infiltr8.io/redteam/persistence/windows/aedebug-keys.md) - [Image File Execution Options (IFEO) Persistence](https://red.infiltr8.io/redteam/persistence/windows/image-file-execution-options.md): MITRE ATT\&CK™ Event Triggered Execution: Image File Execution Options Injection - Technique T1546.012 - [Logon Triggered Persistence](https://red.infiltr8.io/redteam/persistence/windows/logon-triggered.md): MITRE ATT\&CK™ Boot or Logon Autostart Execution - Technique T1547 - [LSA Persistence](https://red.infiltr8.io/redteam/persistence/windows/lsa.md) - [Security Support Provider DLLs](https://red.infiltr8.io/redteam/persistence/windows/lsa/security-support-provider-dlls.md): MITRE ATT\&CK™ Boot or Logon Autostart Execution: Security Support Provider - Technique T1547.005 - [Authentication Package](https://red.infiltr8.io/redteam/persistence/windows/lsa/authentication-package.md): MITRE ATT\&CK™ Boot or Logon Autostart Execution: Authentication Package - Technique T1547.002 - [Natural Language 6 DLLs Persistence](https://red.infiltr8.io/redteam/persistence/windows/natural-language-6-dlls.md) - [Run Keys Persistence](https://red.infiltr8.io/redteam/persistence/windows/run-keys.md): MITRE ATT\&CK™ Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Technique T1547.001 - [Winlogon Persistence](https://red.infiltr8.io/redteam/persistence/windows/winlogon.md): MITRE ATT\&CK™ Boot or Logon Autostart Execution: Winlogon Helper DLL - Technique T1547.001 - [WMI Event Subscription Persistence](https://red.infiltr8.io/redteam/persistence/windows/wmi-event-subscription.md): MITRE ATT\&CK™ Event Triggered Execution: Windows Management Instrumentation Event Subscription - Technique T1546.003 - [Linux](https://red.infiltr8.io/redteam/persistence/linux.md) - [SSH for Persistence](https://red.infiltr8.io/redteam/persistence/linux/ssh.md): MITRE ATT\&CK™ Persistence - Tactic TA0003 - [GSocket for Persistence](https://red.infiltr8.io/redteam/persistence/linux/gsocket-for-persistence.md): MITRE ATT\&CK™ Persistence - Tactic TA0003 - [Udev rules](https://red.infiltr8.io/redteam/persistence/linux/udev-rules.md) - [Defense Evasion](https://red.infiltr8.io/redteam/evasion.md): MITRE ATT\&CK™ Defense Evasion - Tactic TA0005 - [Endpoint Detection Respons (EDR) Bypass](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass.md) - [Bring Your Own Vulnerable Driver (BYOVD)](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/bring-your-own-vulnerable-driver-byovd.md): MITRE ATT\&CK™ Exploitation for Privilege Escalation - Technique T1068 - [Safe Mode With Networking](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/safe-mode-with-networking.md): MITRE ATT\&CK™ Impair Defenses: Disable or Modify Tools - Technique T1562.001 - [Windows Defender Application Control (WDAC): Killing EDR](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/windows-defender-application-control-wdac-killing-edr.md): MITRE ATT\&CK™ Impair Defenses: Disable or Modify Tools - Technique T1562.001 - [Load Unsigned Drivers](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/load-unsigned-drivers.md) - [Minifilter Altitude](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/minifilter-altitude.md) - [Hypervisor Code Integrity (HVCI) Disallowed Images](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/hypervisor-code-integrity-hvci-disallowed-images.md) - [Windows Filtering Platform (WFP)](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/windows-filtering-platform-wfp.md) - [Userland Hooking Bypass](https://red.infiltr8.io/redteam/evasion/endpoint-detection-respons-edr-bypass/userland-hooking-bypass.md) - [UAC Bypass](https://red.infiltr8.io/redteam/evasion/uac.md): MITRE ATT\&CK™ Impair Defenses: Disable or Modify Tools - Technique T1562.001 - [AMSI Bypass](https://red.infiltr8.io/redteam/evasion/amsi.md): MITRE ATT\&CK™ Impair Defenses: Disable or Modify Tools - Technique T1562.001 - [ETW evasion](https://red.infiltr8.io/redteam/evasion/etw-evasion.md): MITRE ATT\&CK™ Impair Defenses: Disable or Modify Tools - Technique T1562.002 - [Living Off The Land](https://red.infiltr8.io/redteam/evasion/living-off-the-land.md) - [Windows Sysinternals](https://red.infiltr8.io/redteam/evasion/living-off-the-land/sysinternals.md) - [LOLBAS Project](https://red.infiltr8.io/redteam/evasion/living-off-the-land/lolbas.md) - [File Operations](https://red.infiltr8.io/redteam/evasion/living-off-the-land/file-operations.md) - [File Executions](https://red.infiltr8.io/redteam/evasion/living-off-the-land/file-executions.md) - [Signature Evasion](https://red.infiltr8.io/redteam/evasion/signature-evasion.md) - [Obfuscation](https://red.infiltr8.io/redteam/evasion/obf.md) - [PowerShell Obfuscation](https://red.infiltr8.io/redteam/evasion/obf/powershell-obfuscation.md) - [Commandline Obfusaction](https://red.infiltr8.io/redteam/evasion/obf/commandline-obfusaction.md) - [PE Obfuscation](https://red.infiltr8.io/redteam/evasion/obf/pe-obfuscation.md) - [String Encryption](https://red.infiltr8.io/redteam/evasion/obf/string-encryption.md) - [AppLocker Bypass](https://red.infiltr8.io/redteam/evasion/applocker-bypass.md) - [Mark-of-the-Web (MotW) Bypass](https://red.infiltr8.io/redteam/evasion/motw-bypass.md): MITRE ATT\&CK™ Subvert Trust Controls: Mark-of-the-Web Bypass - Technique T1553.005 - [PowerShell Constrained Language Mode (CLM) Bypass](https://red.infiltr8.io/redteam/evasion/powershell-constrained-language-mode-clm-bypass.md) - [Kill Windows Defender](https://red.infiltr8.io/redteam/evasion/kill-windows-defender.md) - [Virtualization-based security (VBS) Bypass](https://red.infiltr8.io/redteam/evasion/virtualization-based-security-vbs-bypass.md) - [Credential Guard bypass](https://red.infiltr8.io/redteam/evasion/virtualization-based-security-vbs-bypass/credential-guard-bypass.md) - [hypervisor-protected code integrity (HVCI) Bypass](https://red.infiltr8.io/redteam/evasion/virtualization-based-security-vbs-bypass/hypervisor-protected-code-integrity-hvci-bypass.md) - [Windows Defender Application Control (WDAC) Bypass](https://red.infiltr8.io/redteam/evasion/virtualization-based-security-vbs-bypass/windows-defender-application-control-wdac-bypass.md) - [Sandbox Evasion](https://red.infiltr8.io/redteam/evasion/sandbox-evasion.md): MITRE ATT\&CK™ Virtualization/Sandbox Evasion- Technique T1497 - [Discovery](https://red.infiltr8.io/redteam/discovery.md): MITRE ATT\&CK™ Discovery - Tactic TA0007 - [Active Directory](https://red.infiltr8.io/redteam/discovery/active-directory.md) - [Windows](https://red.infiltr8.io/redteam/discovery/windows.md) - [System Information](https://red.infiltr8.io/redteam/discovery/windows/system-information.md): MITRE ATT\&CK™ System Information Discovery - Technique T1082 - [Processes & Services](https://red.infiltr8.io/redteam/discovery/windows/processes-and-services.md): MITRE ATT\&CK™ Process Discovery & System Service Discovery - Technique T1057 & T1007 - [Scheduled Tasks](https://red.infiltr8.io/redteam/discovery/windows/scheduled-tasks.md) - [Installed applications](https://red.infiltr8.io/redteam/discovery/windows/installed-applications.md): MITRE ATT\&CK™ Software Discovery - Technique T1518 - [Network Configuration](https://red.infiltr8.io/redteam/discovery/windows/network-configuration.md): MITRE ATT\&CK™ System Network Configuration Discovery - Technique T1016 - [FIle/Folder ACLs](https://red.infiltr8.io/redteam/discovery/windows/acls.md): MITRE ATT\&CK™ File and Directory Discovery - Technique T1083 - [Knowing your Shell](https://red.infiltr8.io/redteam/discovery/windows/knowing-your-shell.md) - [Security Solutions](https://red.infiltr8.io/redteam/discovery/windows/av.md): MITRE ATT\&CK™ Software Discovery: Security Software Discovery - Technique T1518.001 - [Linux](https://red.infiltr8.io/redteam/discovery/linux.md) - [OS Details](https://red.infiltr8.io/redteam/discovery/linux/os-details.md) - [Process & Services](https://red.infiltr8.io/redteam/discovery/linux/process-and-services.md) - [Privilege Escalation](https://red.infiltr8.io/redteam/privilege-escalation.md): MITRE ATT\&CK™ Privilege Escalation - Tactic TA0004 - [Windows](https://red.infiltr8.io/redteam/privilege-escalation/windows.md) - [Tools ⚙️](https://red.infiltr8.io/redteam/privilege-escalation/windows/tools.md) - [Unsecured Credentials](https://red.infiltr8.io/redteam/privilege-escalation/windows/credentials-in-files.md): MITRE ATT\&CK™ Unsecured Credentials: Credentials In Files - Technique T1552.001 - [Abusing Tokens](https://red.infiltr8.io/redteam/privilege-escalation/windows/abusing-tokens.md) - [Insecure Services](https://red.infiltr8.io/redteam/privilege-escalation/windows/services.md): MITRE ATT\&CK™ Hijack Execution Flow - Technique T1574 - [Weak Service Permissions](https://red.infiltr8.io/redteam/privilege-escalation/windows/services/weak-service-permissions.md): MITRE ATT\&CK™ Hijack Execution Flow - Technique T1574 - [Weak File/Folder Permissions](https://red.infiltr8.io/redteam/privilege-escalation/windows/services/weak-files-permissions.md): MITRE ATT\&CK™ Hijack Execution Flow - Technique T1574 - [Weak Registry Permissions](https://red.infiltr8.io/redteam/privilege-escalation/windows/services/weak-registry-permissions.md): MITRE ATT\&CK™ Hijack Execution Flow - Services Registry Permissions Weakness - Technique T1574.011 - [Unquoted Service Path](https://red.infiltr8.io/redteam/privilege-escalation/windows/services/unquoted-service-path.md): MITRE ATT\&CK™ Hijack Execution Flow - Path Interception by Unquoted Path - Technique T1574.09 - [AlwaysInstallElevated](https://red.infiltr8.io/redteam/privilege-escalation/windows/alwaysinstallelevated.md): MITRE ATT\&CK™ System Binary Proxy Execution: Msiexec - Technique T1218.007 - [AutoLogon Registry](https://red.infiltr8.io/redteam/privilege-escalation/windows/autologon-registry.md) - [Insecure Scheduled Tasks](https://red.infiltr8.io/redteam/privilege-escalation/windows/insecure-scheduled-tasks.md) - [Weak File/Folder Permissions](https://red.infiltr8.io/redteam/privilege-escalation/windows/insecure-scheduled-tasks/weak-file-folder-permissions.md) - [DLL Hijacking](https://red.infiltr8.io/redteam/privilege-escalation/windows/dll-hijacking.md) - [Linux](https://red.infiltr8.io/redteam/privilege-escalation/linux.md) - [Kernel Exploits](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits.md) - [OverlayFs Exploits](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/overlayfs-exploits.md) - [GameOverlayFs](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/overlayfs-exploits/gameoverlayfs.md): CVE-2023-2640 & CVE-2023-32629 - [CVE-2023-0386](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/overlayfs-exploits/cve-2023-0386-overlayfs.md): CVE-2023-0386 - [CVE-2021-3493](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/overlayfs-exploits/cve-2021-3493.md): CVE-2021-3493 - [CVE-2023-32233 (CAP\_NET\_ADMIN)](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/nf_tables.md): CVE-2023-32233 - [Dirty Pipe](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/dirtypipe.md): CVE-2022-0847 - [DirtyCow](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/dirtycow.md) - [RDS](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/rds.md) - [Full Nelson](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/full-nelson.md) - [Mempodipper](https://red.infiltr8.io/redteam/privilege-escalation/linux/kernel-exploits/mempodipper.md) - [GLIBC Exploits](https://red.infiltr8.io/redteam/privilege-escalation/linux/glibc-exploits.md) - [Looney Tunables](https://red.infiltr8.io/redteam/privilege-escalation/linux/glibc-exploits/looney-tunables.md): CVE-2023-4911 - [Polkit Exploits](https://red.infiltr8.io/redteam/privilege-escalation/linux/polkit-exploits.md): Privilege Escalation - [PwnKit](https://red.infiltr8.io/redteam/privilege-escalation/linux/polkit-exploits/pwnkit.md): CVE-2021-4034 - [D-Bus Authentication Bypass](https://red.infiltr8.io/redteam/privilege-escalation/linux/polkit-exploits/d-bus-authentication-bypass.md): CVE-2021-3560 - [Sudo Exploits](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits.md): Privilege Escalation - [Sudo Binaries](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits/sudo-binaries.md) - [Sudo Misconfigurations](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits/sudo-misconfigurations.md) - [Reuse Sudo Tokens](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits/reuse-sudo-tokens.md) - [User Restriction Bypass](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits/bypass-of-user-restrictions.md): CVE-2019-14287 - [Pwfeedback BOF](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits/pwfeedback-bof.md): CVE-2019-18634 - [Baron Samedit](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits/sudo-baron-samedit.md): CVE-2021–3156 - [Sudoedit Bypass](https://red.infiltr8.io/redteam/privilege-escalation/linux/sudo-exploits/sudoedit-bypass.md): CVE-2023-22809 - [SUID Binaries](https://red.infiltr8.io/redteam/privilege-escalation/linux/suid-binaries.md) - [Script Exploits](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits.md) - [Python](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits/python.md) - [Pip Download Code Execution](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits/python/pypi-package.md) - [PyInstaller Code Execution](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits/python/pyinstaller.md) - [Pytorch Models/PTH Files Code Execution](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits/python/pytorch-models-pth-files-code-execution.md) - [Ruby](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits/ruby.md) - [Bash](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits/bash.md) - [Perl](https://red.infiltr8.io/redteam/privilege-escalation/linux/script-exploits/perl.md) - [Scheduled tasks](https://red.infiltr8.io/redteam/privilege-escalation/linux/scheduled-tasks.md) - [Cron Jobs](https://red.infiltr8.io/redteam/privilege-escalation/linux/scheduled-tasks/cron-jobs.md) - [Systemd timers](https://red.infiltr8.io/redteam/privilege-escalation/linux/scheduled-tasks/systemd-timers.md) - [Interesting Groups](https://red.infiltr8.io/redteam/privilege-escalation/linux/groups.md) - [Lxd](https://red.infiltr8.io/redteam/privilege-escalation/linux/groups/lxd.md) - [Capabilities](https://red.infiltr8.io/redteam/privilege-escalation/linux/capabilities.md) - [NFS no\_root\_squash/no\_all\_squash](https://red.infiltr8.io/redteam/privilege-escalation/linux/nfs-no_root_squash-no_all_squash.md) - [Linux Active Directory](https://red.infiltr8.io/redteam/privilege-escalation/linux/linux-active-directory.md) - [Credential Access](https://red.infiltr8.io/redteam/credentials.md): MITRE ATT\&CK™ Credential Access - Tactic TA0006 - [Password Stores](https://red.infiltr8.io/redteam/credentials/password-stores.md) - [Windows Credential Manager](https://red.infiltr8.io/redteam/credentials/password-stores/windows-credential-manager.md) - [KeePass](https://red.infiltr8.io/redteam/credentials/password-stores/keepass.md): MITRE ATT\&CK™ Credentials from Password Stores: Password Managers - Technique T1555.005 - [Web Browsers](https://red.infiltr8.io/redteam/credentials/password-stores/credentials-from-web-browsers.md): MITRE ATT\&CK™ Credentials from Password Stores: Credentials from Web Browsers - Technique T1555.003 - [Unsecured Credentials](https://red.infiltr8.io/redteam/credentials/unsecured-credentials.md) - [Credentials In Files](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/credentials-in-files.md): MITRE ATT\&CK™ Unsecured Credentials: Credentials In Files - Technique T1552.00 - [PowerShell Credentials](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/powershell-logging.md): MITRE ATT\&CK™ Unsecured Credentials - Technique T1552 - [VNC Config](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/vnc-config.md): MITRE ATT\&CK™ Unsecured Credentials: Credentials In Files - Technique T1552.00 - [SSH Private Keys](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/ssh-private-keys.md): MITRE ATT\&CK™ Unsecured Credentials: Private Keys - T1552.004 - [Git Repositories](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/git-repositories.md) - [Veeam Backup](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/veeam-backup.md): MITRE ATT\&CK™ Credential Access - Tactic TA0006 - [Network shares](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/network-shares.md) - [Cred Network protocols](https://red.infiltr8.io/redteam/credentials/unsecured-credentials/network-protocols.md) - [OS Credentials](https://red.infiltr8.io/redteam/credentials/os-credentials.md) - [Windows & Active Directory](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory.md): MITRE ATT\&CK™ OS Credential Dumping - Technique T1003 - [SAM & LSA secrets](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/sam-and-lsa-secrets.md): MITRE ATT\&CK™ Sub-techniques T1003.002, T1003.004 and T1003.005 - [DPAPI secrets](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/dpapi-protected-secrets.md): MITRE ATT\&CK™ Sub-technique T1555.003 - [NTDS secrets](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/ntds.md): MITRE ATT\&CK™ Sub-technique T1003.003 - [LSASS secrets](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/lsass.md): MITRE ATT\&CK™ Sub-technique T1003.001 - [DCSync](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/dcsync.md): MITRE ATT\&CK™ Sub-technique T1003.006 - [Kerberos key list](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/kerberos-key-list.md) - [Group Policy Preferences](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/group-policies-preferences.md): MITRE ATT\&CK™ Sub-technique T1552.006 - [AutoLogon Registry](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/autologon-registry.md) - [In-memory secrets](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/passwords-in-memory.md) - [Cached Kerberos tickets](https://red.infiltr8.io/redteam/credentials/os-credentials/windows-and-active-directory/cached-kerberos-tickets.md): MITRE ATT\&CK™ Steal or Forge Kerberos Tickets - Technique T1558 - [Linux](https://red.infiltr8.io/redteam/credentials/os-credentials/linux.md) - [Shadow File](https://red.infiltr8.io/redteam/credentials/os-credentials/linux/shadow-file.md): MITRE ATT\&CK™ OS Credential Dumping: /etc/passwd and /etc/shadow - Technique T1003.008 - [In-memory secrets](https://red.infiltr8.io/redteam/credentials/os-credentials/linux/passwords-in-memory.md): MITRE ATT\&CK™ OS Credential Dumping: Proc Filesystem - Technique T1003.007 - [Linux Cached Kerberos tickets](https://red.infiltr8.io/redteam/credentials/os-credentials/linux/cached-kerberos-tickets.md): MITRE ATT\&CK™ Steal or Forge Kerberos Tickets - Technique T1558 - [Samba LDB files](https://red.infiltr8.io/redteam/credentials/os-credentials/linux/samba-ldb-files.md) - [Samba DCSync (Vampire)](https://red.infiltr8.io/redteam/credentials/os-credentials/linux/samba-dcsync-vampire.md) - [MITM and coerced auths](https://red.infiltr8.io/redteam/credentials/mitm-and-coerced-auths.md) - [Password Attacks](https://red.infiltr8.io/redteam/credentials/passwd.md) - [Default, weak & Leaked Passwords](https://red.infiltr8.io/redteam/credentials/passwd/default-weak-and-leaked-passwords.md) - [Generate Wordlists](https://red.infiltr8.io/redteam/credentials/passwd/generate-wordlists.md) - [Brute-Force](https://red.infiltr8.io/redteam/credentials/passwd/brute-force.md): MITRE ATT\&CK™ Brute Force - Technique T1110 - [Online - Attacking Services](https://red.infiltr8.io/redteam/credentials/passwd/brute-force/online-attacking-services.md): MITRE ATT\&CK™ Brute Force - Technique T1110 - [Offline - Password Cracking](https://red.infiltr8.io/redteam/credentials/passwd/brute-force/offline-password-cracking.md): MITRE ATT\&CK™ Brute Force: Password Cracking - Technique T1110.002 - [Impersonation](https://red.infiltr8.io/redteam/credentials/impersonation.md) - [Lateral Movement](https://red.infiltr8.io/redteam/pivoting.md): MITRE ATT\&CK™ Lateral Movement - Tactic TA0008 - [Port Forwarding](https://red.infiltr8.io/redteam/pivoting/portfwd.md): MITRE ATT\&CK™ Protocol Tunneling - Technique T1572 - [TLS Tunneling (Ligolo-ng)](https://red.infiltr8.io/redteam/pivoting/tls-tunneling-ligolo-ng.md): MITRE ATT\&CK™ Protocol Tunneling - Technique T1572 - [HTTP(s) Tunneling](https://red.infiltr8.io/redteam/pivoting/http-tunneling.md): MITRE ATT\&CK™ Protocol Tunneling - Technique T1572 - [SSH Tunneling](https://red.infiltr8.io/redteam/pivoting/ssh-tunneling.md): MITRE ATT\&CK™ Protocol Tunneling - Technique T1572 - [DNS Tunneling](https://red.infiltr8.io/redteam/pivoting/dnstunneling.md): MITRE ATT\&CK™ Protocol Tunneling - Technique T1572 - [SMB-based](https://red.infiltr8.io/redteam/pivoting/smb-based.md): MITRE ATT\&CK™ Remote Services: SMB/Windows Admin Shares - Technique T1021.002 - [WinRM](https://red.infiltr8.io/redteam/pivoting/winrm.md): MITRE ATT\&CK™ Remote Services: Windows Remote Management - Technique T1021.006 - [Remote WMI](https://red.infiltr8.io/redteam/pivoting/remote-wmi.md): MITRE ATT\&CK™ Windows Management Instrumentation - Technique T1047 - [DCOM](https://red.infiltr8.io/redteam/pivoting/dcom.md): MITRE ATT\&CK™ Remote Services: Distributed Component Object Model - Technique T1021.003 - [Scheduled Tasks (ATSVC)](https://red.infiltr8.io/redteam/pivoting/scheduled-tasks-atsvc.md) - [Services (SVCCTL)](https://red.infiltr8.io/redteam/pivoting/services-svcctl.md) - [Exfiltration](https://red.infiltr8.io/redteam/exfiltration.md): MITRE ATT\&CK™ Exfiltration - Tactic TA0036 - [Exfiltration over ICMP](https://red.infiltr8.io/redteam/exfiltration/icmp.md): MITRE ATT\&CK™ - Exfiltration Over Alternative Protocol - Technique T1048 - [Exfiltration Over DNS](https://red.infiltr8.io/redteam/exfiltration/dns.md): MITRE ATT\&CK™ - Exfiltration Over Alternative Protocol - Technique T1048 - [Exfiltration Over HTTP(s)](https://red.infiltr8.io/redteam/exfiltration/http.md): MITRE ATT\&CK™ - Exfiltration Over Alternative Protocol - Technique T1048 - [Exfiltration Over SMB](https://red.infiltr8.io/redteam/exfiltration/smb.md): MITRE ATT\&CK™ - Exfiltration - Tactic TA0010 - [Reconnaissance](https://red.infiltr8.io/web-pentesting/recon.md) - [Subdomains enumeration](https://red.infiltr8.io/web-pentesting/recon/subdomain-enum.md) - [WAF Enumeration](https://red.infiltr8.io/web-pentesting/recon/waf-enum.md) - [Infrastructures](https://red.infiltr8.io/web-pentesting/infrastructures.md) - [DBMS](https://red.infiltr8.io/web-pentesting/infrastructures/dbms.md) - [Enum Databases](https://red.infiltr8.io/web-pentesting/infrastructures/dbms/enum-databases.md) - [Read/Write/Execute](https://red.infiltr8.io/web-pentesting/infrastructures/dbms/exploit-databases.md) - [DNS](https://red.infiltr8.io/web-pentesting/infrastructures/dns.md) - [Subdomain Takeover](https://red.infiltr8.io/web-pentesting/infrastructures/dns/subdomain-takeover.md): OWASP: WSTG-CONF-10 - [Web Servers](https://red.infiltr8.io/web-pentesting/infrastructures/web-servers.md) - [Nginx](https://red.infiltr8.io/web-pentesting/infrastructures/web-servers/nginx.md) - [Apache](https://red.infiltr8.io/web-pentesting/infrastructures/web-servers/apache.md) - [Apache Commons Text](https://red.infiltr8.io/web-pentesting/infrastructures/web-servers/apache/apache-commons-text.md): CVE-2022-42889 - Text4Shell - [Apache Tomcat](https://red.infiltr8.io/web-pentesting/infrastructures/web-servers/apache/tomcat.md) - [CMS](https://red.infiltr8.io/web-pentesting/infrastructures/cms.md) - [Wordpress](https://red.infiltr8.io/web-pentesting/infrastructures/cms/wordpress.md) - [Joomla](https://red.infiltr8.io/web-pentesting/infrastructures/cms/joomla.md) - [Drupal](https://red.infiltr8.io/web-pentesting/infrastructures/cms/drupal.md) - [Bolt CMS](https://red.infiltr8.io/web-pentesting/infrastructures/cms/bolt-cms.md) - [Frameworks](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks.md) - [Spring Framework](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/spring.md) - [Spring Routing Abuse](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/spring/spring-routing-abuse.md) - [Spring Boot Actuators](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/spring/spring-boot-actuators.md) - [Spring View Manipulation](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/spring/spring-view-manipulation.md) - [Werkzeug](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/werkzeug.md) - [Django](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/django.md) - [Flask](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/flask.md) - [Laravel](https://red.infiltr8.io/web-pentesting/infrastructures/frameworks/laravel.md) - [CGI](https://red.infiltr8.io/web-pentesting/infrastructures/cgi.md) - [Web Vulnerabilities](https://red.infiltr8.io/web-pentesting/web-vulnerabilities.md) - [Server-Side](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side.md) - [NoSQL Injection](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/nosql-injection.md) - [SQL Injection](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/sql-injection.md) - [UNION Attacks](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/sql-injection/union-attacks.md) - [Blind Attacks](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli.md) - [Boolean Based](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli/boolean-based.md) - [Time Based](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli/time-based.md) - [Error Based](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/sql-injection/blind-sqli/error-based.md) - [Insecure Deserialization](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/deserialization.md) - [.NET Deserialization](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/deserialization/dotnet.md) - [Python Deserialization](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/deserialization/python.md) - [PHP Deserialization](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/deserialization/php.md) - [Java Deserialization](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/deserialization/java.md) - [Ruby Deserialization](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/deserialization/ruby.md) - [File Inclusion & Path Traversal](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion.md) - [LFI to RCE](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce.md) - [PHP Wrappers](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/php-wrappers.md) - [Logs Poisoning](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/logs-poisoning.md) - [/proc](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/proc.md) - [PHPInfo](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/phpinfo.md) - [PHP Sessions](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/php-sessions.md) - [Segmentation Fault](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/lfi2rce/segmentation-fault.md) - [RFI to RCE](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-inclusion/rfi-to-rce.md) - [Command Injection](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/command-injection.md) - [Brute-Force](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/brute-force.md) - [SSTI (Server-Side Template Injection)](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/ssti.md) - [Exposed Git Repositories](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/exposed-git-repositories.md): OWASP A3:2017-Sensitive Data Exposure - [File Upload](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/server-side/file-upload.md) - [Client-Side](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/client-side.md) - [XSS (Cross-Site Scripting)](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/client-side/xss-cross-site-scripting.md) - [CORS (Cross-origin resource sharing)](https://red.infiltr8.io/web-pentesting/web-vulnerabilities/client-side/cors-cross-origin-resource-sharing.md) - [Network services](https://red.infiltr8.io/network-pentesting/protocols.md) - [DNS](https://red.infiltr8.io/network-pentesting/protocols/dns.md): Pentesting DNS - TCP/UDP Port 53 - [FastCGI](https://red.infiltr8.io/network-pentesting/protocols/fastcgi.md): Pentesting FastCGI - TCP Port 9000 - [HTTP & HTTPS](https://red.infiltr8.io/network-pentesting/protocols/http-and-https.md): Pentesting HTTP & HTTP - TCP Ports 80,443 - [LDAP](https://red.infiltr8.io/network-pentesting/protocols/ldap.md): Pentesting LDAP - TCP Ports 389,3268,636,3269 - [NFS](https://red.infiltr8.io/network-pentesting/protocols/nfs.md): Pentesting NFS - TCP/UDP Port 2049 - [MS-RPC](https://red.infiltr8.io/network-pentesting/protocols/ms-rpc.md): Pentesting MS-RPC - TCP Ports 135,593 - [MSSQL](https://red.infiltr8.io/network-pentesting/protocols/mssql.md): Pentesting MSSQL - TCP Port 1433 - [NBT-NS (NetBIOS)](https://red.infiltr8.io/network-pentesting/protocols/nbt-ns-netbios.md): Pentesting NBT-NS - TCP/UDP Ports 137,138,139 - [Oracle TNS](https://red.infiltr8.io/network-pentesting/protocols/oracle-tns.md): Pentesting Oracle TNS - TCP Ports 1521,1522-1529 - [RDP](https://red.infiltr8.io/network-pentesting/protocols/rdp.md): Pentesting RDP - TCP Port 3389 - [Rsync](https://red.infiltr8.io/network-pentesting/protocols/rsync.md): Pentesting RSync - TCP Ports 873 - [SMB](https://red.infiltr8.io/network-pentesting/protocols/smb.md): Pentesting SMB - TCP Ports 445,139 - [SMTP](https://red.infiltr8.io/network-pentesting/protocols/smtp.md): Pentesting SMTP - TCP Ports 25,465,587 - [SNMP](https://red.infiltr8.io/network-pentesting/protocols/snmp.md): Pentesting SNMP - UDP Ports 161,162,10161,10162 - [SSH](https://red.infiltr8.io/network-pentesting/protocols/ssh.md): Pentesting SSH - TCP Port 22 - [WebDAV](https://red.infiltr8.io/network-pentesting/protocols/webdav.md): Pentesting WebDAV - TCP Ports 80,443 - [WinRM](https://red.infiltr8.io/network-pentesting/protocols/winrm.md): Pentesting WinRM - TCP Ports 5985,5986 - [XMPP/Jabber](https://red.infiltr8.io/network-pentesting/protocols/xmpp-jabber.md): Pentesting XMPP/Jabber - TCP Ports 5222, 5269, 8010 - [RPC Port Mapper](https://red.infiltr8.io/network-pentesting/protocols/rpc-port-mapper.md): Port TCP/UDP 111 - [FTP](https://red.infiltr8.io/network-pentesting/protocols/ftp.md) - [Telnet](https://red.infiltr8.io/network-pentesting/protocols/telnet.md) - [MySQL](https://red.infiltr8.io/network-pentesting/protocols/mysql.md) - [WiFi](https://red.infiltr8.io/network-pentesting/wifi.md) - [WEP](https://red.infiltr8.io/network-pentesting/wifi/wep.md) - [WPA2](https://red.infiltr8.io/network-pentesting/wifi/wpa2.md) - [WPS](https://red.infiltr8.io/network-pentesting/wifi/wps.md) - [Bluetooth](https://red.infiltr8.io/network-pentesting/bluetooth.md) - [Reconnaissance](https://red.infiltr8.io/ad/recon.md) - [Tools ⚙️](https://red.infiltr8.io/ad/recon/tools.md) - [PowerView ⚙️](https://red.infiltr8.io/ad/recon/tools/powerview.md) - [Responder ⚙️](https://red.infiltr8.io/ad/recon/tools/responder.md) - [BloodHound ⚙️](https://red.infiltr8.io/ad/recon/tools/bloodhound.md) - [enum4linux ⚙️](https://red.infiltr8.io/ad/recon/tools/enum4linux.md) - [Network](https://red.infiltr8.io/ad/recon/network.md) - [DHCP](https://red.infiltr8.io/ad/recon/network/dhcp.md) - [DNS](https://red.infiltr8.io/ad/recon/network/dns.md) - [NBT-NS](https://red.infiltr8.io/ad/recon/network/nbt-ns.md) - [Port scanning](https://red.infiltr8.io/ad/recon/network/port-scanning.md) - [SMB](https://red.infiltr8.io/ad/recon/network/smb.md) - [LDAP](https://red.infiltr8.io/ad/recon/network/ldap.md) - [MS-RPC](https://red.infiltr8.io/ad/recon/network/ms-rpc.md) - [Objects & Settings](https://red.infiltr8.io/ad/recon/objects-and-settings.md) - [DACLs](https://red.infiltr8.io/ad/recon/objects-and-settings/dacls.md) - [Group policies](https://red.infiltr8.io/ad/recon/objects-and-settings/group-policies.md) - [Password policy](https://red.infiltr8.io/ad/recon/objects-and-settings/password-policy.md) - [LAPS](https://red.infiltr8.io/ad/recon/objects-and-settings/laps.md) - [Movement](https://red.infiltr8.io/ad/movement.md) - [Credentials](https://red.infiltr8.io/ad/movement/credentials.md) - [Dumping](https://red.infiltr8.io/ad/movement/credentials/dumping.md): MITRE ATT\&CK™ Techniques T1003 and T1552 - [Cracking](https://red.infiltr8.io/ad/movement/credentials/cracking.md): MITRE ATT\&CK™ Sub-technique T1110.002 - [Bruteforcing](https://red.infiltr8.io/ad/movement/credentials/bruteforcing.md) - [Guessing](https://red.infiltr8.io/ad/movement/credentials/bruteforcing/guessing.md): MITRE ATT\&CK™ Sub-technique T1110.001 - [Spraying](https://red.infiltr8.io/ad/movement/credentials/bruteforcing/password-spraying.md): MITRE ATT\&CK™ Sub-technique T1110.003 - [Stuffing](https://red.infiltr8.io/ad/movement/credentials/bruteforcing/stuffing.md): MITRE ATT\&CK™ Sub-technique T1110.004 - [Shuffling](https://red.infiltr8.io/ad/movement/credentials/credential-shuffling.md): MITRE ATT\&CK™ Techniques T1003 and T1552 (kind of) - [MITM and coerced auths](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications.md) - [ARP poisoning](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/arp-poisoning.md): MITRE ATT\&CK™ Sub-technique T1557.002 - [DNS spoofing](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/dns-spoofing.md) - [DHCP poisoning](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/dhcp-poisoning.md) - [DHCPv6 spoofing](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/dhcpv6-spoofing.md) - [WSUS spoofing](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/wsus-spoofing.md) - [LLMNR, NBT-NS, mDNS spoofing](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/llmnr-nbtns-mdns-spoofing.md): MITRE ATT\&CK™ Sub-technique T1557.001 - [ADIDNS poisoning](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/adidns-spoofing.md) - [WPAD spoofing](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/wpad-spoofing.md) - [MS-EFSR abuse (PetitPotam)](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/ms-efsr.md) - [MS-RPRN abuse (PrinterBug)](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/ms-rprn.md) - [MS-FSRVP abuse (ShadowCoerce)](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/ms-fsrvp.md) - [MS-DFSNM abuse (DFSCoerce)](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/ms-dfsnm.md) - [MS-EVEN abuse (CheeseOunce)](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/ms-even-abuse-cheeseounce.md) - [PushSubscription abuse](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/pushsubscription-abuse.md) - [WebClient abuse (WebDAV)](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/webclient.md) - [Living off the land](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/living-off-the-land.md) - [NBT Name Overwrite](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/nbt-name-overwrite.md) - [ICMP Redirect](https://red.infiltr8.io/ad/movement/mitm-and-coerced-authentications/icmp-redirect.md) - [NTLM](https://red.infiltr8.io/ad/movement/ntlm.md) - [Capture](https://red.infiltr8.io/ad/movement/ntlm/capture.md) - [Relay](https://red.infiltr8.io/ad/movement/ntlm/relay.md): MITRE ATT\&CK™ Sub-technique T1557.001 - [Pass the hash](https://red.infiltr8.io/ad/movement/ntlm/pth.md): MITRE ATT\&CK™ Sub-technique T1550.002 - [Kerberos](https://red.infiltr8.io/ad/movement/kerberos.md) - [Pre-auth bruteforce](https://red.infiltr8.io/ad/movement/kerberos/pre-auth-bruteforce.md) - [Pass the key](https://red.infiltr8.io/ad/movement/kerberos/ptk.md) - [Overpass the hash](https://red.infiltr8.io/ad/movement/kerberos/opth.md) - [Pass the ticket](https://red.infiltr8.io/ad/movement/kerberos/ptt.md): MITRE ATT\&CK™ Sub-technique T1550.003 - [Pass the cache](https://red.infiltr8.io/ad/movement/kerberos/ptc.md) - [Forged tickets](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets.md): MITRE ATT\&CK™ Sub-techniques T1558.001 and T1558.002 - [Silver tickets](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets/silver.md) - [Golden tickets](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets/golden.md) - [Diamond tickets](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets/diamond.md) - [Sapphire tickets](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets/sapphire.md) - [RODC Golden tickets](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets/rodc-golden-tickets.md) - [MS14-068](https://red.infiltr8.io/ad/movement/kerberos/forged-tickets/ms14-068.md): CVE-2014-6324 - [ASREQroast](https://red.infiltr8.io/ad/movement/kerberos/asreqroast.md) - [ASREProast](https://red.infiltr8.io/ad/movement/kerberos/asreproast.md) - [Kerberoast](https://red.infiltr8.io/ad/movement/kerberos/kerberoast.md): MITRE ATT\&CK™ Sub-technique T1558.003 - [Delegations](https://red.infiltr8.io/ad/movement/kerberos/delegations.md) - [(KUD) Unconstrained](https://red.infiltr8.io/ad/movement/kerberos/delegations/unconstrained.md) - [(KCD) Constrained](https://red.infiltr8.io/ad/movement/kerberos/delegations/constrained.md) - [(RBCD) Resource-based constrained](https://red.infiltr8.io/ad/movement/kerberos/delegations/rbcd.md) - [S4U2self abuse](https://red.infiltr8.io/ad/movement/kerberos/delegations/s4u2self-abuse.md) - [Bronze Bit](https://red.infiltr8.io/ad/movement/kerberos/delegations/bronze-bit.md): CVE-2020-17049 - [Shadow Credentials](https://red.infiltr8.io/ad/movement/kerberos/shadow-credentials.md) - [UnPAC the hash](https://red.infiltr8.io/ad/movement/kerberos/unpac-the-hash.md) - [Pass the Certificate - PKINIT](https://red.infiltr8.io/ad/movement/kerberos/pass-the-certificate.md) - [Kerberos relay](https://red.infiltr8.io/ad/movement/kerberos/kerberos-relay.md) - [sAMAccountName spoofing](https://red.infiltr8.io/ad/movement/kerberos/samaccountname-spoofing.md): CVE-2021-42278 and CVE-2021-42287 - [SPN-jacking](https://red.infiltr8.io/ad/movement/kerberos/spn-jacking.md) - [Netlogon](https://red.infiltr8.io/ad/movement/netlogon.md) - [ZeroLogon](https://red.infiltr8.io/ad/movement/netlogon/zerologon.md): CVE-2020-1472 - [DACL abuse](https://red.infiltr8.io/ad/movement/dacl.md) - [AddMember](https://red.infiltr8.io/ad/movement/dacl/addmember.md) - [ForceChangePassword](https://red.infiltr8.io/ad/movement/dacl/forcechangepassword.md) - [Targeted Kerberoasting](https://red.infiltr8.io/ad/movement/dacl/targeted-kerberoasting.md) - [WriteOwner](https://red.infiltr8.io/ad/movement/dacl/writeowner.md) - [ReadLAPSPassword](https://red.infiltr8.io/ad/movement/dacl/readlapspassword.md) - [ReadGMSAPassword](https://red.infiltr8.io/ad/movement/dacl/readgmsapassword.md) - [Grant ownership](https://red.infiltr8.io/ad/movement/dacl/grant-ownership.md) - [Grant rights](https://red.infiltr8.io/ad/movement/dacl/grant-rights.md) - [Logon script](https://red.infiltr8.io/ad/movement/dacl/logon-script.md) - [Rights on RODC object](https://red.infiltr8.io/ad/movement/dacl/rights-on-rodc-object.md) - [BadSuccessor (dMSA abuse)](https://red.infiltr8.io/ad/movement/dacl/badsuccessor-dmsa-abuse.md) - [Group policies](https://red.infiltr8.io/ad/movement/group-policies.md) - [Trusts](https://red.infiltr8.io/ad/movement/domain-trusts.md) - [Certificate Services (AD-CS)](https://red.infiltr8.io/ad/movement/ad-cs.md) - [Certificate templates](https://red.infiltr8.io/ad/movement/ad-cs/certificate-templates.md) - [Certificate authority](https://red.infiltr8.io/ad/movement/ad-cs/certificate-authority.md) - [Access controls](https://red.infiltr8.io/ad/movement/ad-cs/access-controls.md) - [Unsigned endpoints](https://red.infiltr8.io/ad/movement/ad-cs/unsigned-endpoints.md) - [Certifried](https://red.infiltr8.io/ad/movement/ad-cs/certifried.md): CVE-2022–26923 - [Schannel](https://red.infiltr8.io/ad/movement/schannel.md) - [Pass the Certificate - Schannel](https://red.infiltr8.io/ad/movement/schannel/pass-the-certificate-schannel.md) - [SCCM / MECM](https://red.infiltr8.io/ad/movement/sccm-mecm.md) - [Privilege Escalation](https://red.infiltr8.io/ad/movement/sccm-mecm/privilege-escalation.md) - [Post Exploitation](https://red.infiltr8.io/ad/movement/sccm-mecm/post-exploitation.md) - [Exchange services](https://red.infiltr8.io/ad/movement/exchange-services.md) - [PrivExchange](https://red.infiltr8.io/ad/movement/exchange-services/privexchange.md): CVE-2018-8581 - [ProxyLogon](https://red.infiltr8.io/ad/movement/exchange-services/proxylogon.md): Chained CVE-2021-26855 and CVE-2021-27065 - [ProxyShell](https://red.infiltr8.io/ad/movement/exchange-services/proxyshell.md): Chained CVE-2021-34473, CVE-2021-34523, CVE-2021-31207 - [ProxyNotShell](https://red.infiltr8.io/ad/movement/exchange-services/proxynotshell.md): Chained CVE-2022-41040, CVE-2022-41082 - [Print Spooler Service](https://red.infiltr8.io/ad/movement/print-spooler-service.md) - [PrinterBug](https://red.infiltr8.io/ad/movement/print-spooler-service/printerbug.md) - [PrintNightmare](https://red.infiltr8.io/ad/movement/print-spooler-service/printnightmare.md): CVE-2021-1675 & CVE-2021-34527 - [Built-ins & settings](https://red.infiltr8.io/ad/movement/domain-settings.md) - [Builtin Groups](https://red.infiltr8.io/ad/movement/domain-settings/builtin-groups.md) - [DNSAdmins](https://red.infiltr8.io/ad/movement/domain-settings/builtin-groups/dnsadmins.md) - [AD Recycle Bin](https://red.infiltr8.io/ad/movement/domain-settings/builtin-groups/ad-recycle-bin.md) - [MachineAccountQuota](https://red.infiltr8.io/ad/movement/domain-settings/machineaccountquota.md) - [Pre-Windows 2000 computers](https://red.infiltr8.io/ad/movement/domain-settings/pre-windows-2000-computers.md) - [RODC](https://red.infiltr8.io/ad/movement/domain-settings/rodc.md): Read-Only Domain Controller - [Persistence](https://red.infiltr8.io/ad/persistence.md) - [Skeleton key](https://red.infiltr8.io/ad/persistence/skeleton-key.md) - [SID History](https://red.infiltr8.io/ad/persistence/sid-history.md) - [AdminSDHolder](https://red.infiltr8.io/ad/persistence/adminsdholder.md) - [GoldenGMSA](https://red.infiltr8.io/ad/persistence/goldengmsa.md) - [Kerberos](https://red.infiltr8.io/ad/persistence/kerberos.md) - [Forged tickets](https://red.infiltr8.io/ad/persistence/kerberos/forged-tickets.md) - [Delegation to KRBTGT](https://red.infiltr8.io/ad/persistence/kerberos/delegation-to-krbtgt.md) - [Certificate Services (AD-CS)](https://red.infiltr8.io/ad/persistence/ad-cs.md) - [Certificate authority](https://red.infiltr8.io/ad/persistence/ad-cs/certificate-authority.md) - [Access controls](https://red.infiltr8.io/ad/persistence/ad-cs/access-controls.md) - [Golden certificate](https://red.infiltr8.io/ad/persistence/ad-cs/golden-certificate.md) - [LAPS](https://red.infiltr8.io/ad/persistence/laps.md) - [DC Shadow](https://red.infiltr8.io/ad/persistence/dcshadow.md) - [Access controls](https://red.infiltr8.io/ad/persistence/access-controls.md) - [On-Chain Analysis](https://red.infiltr8.io/smart-contracts-pentesting/on-chain-analysis.md) - [Solidity Events Analysis](https://red.infiltr8.io/smart-contracts-pentesting/on-chain-analysis/solidity-events-analysis.md): Leveraging Events for Blockchain Forensics and Investigation - [Transactions Analysis](https://red.infiltr8.io/smart-contracts-pentesting/on-chain-analysis/transactions-analysis.md) - [Smart Contract Vulnerabilities](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities.md) - [EVM Attack Surfaces](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces.md) - [Sensitive Data Exposure](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces/sensitive-data-exposure.md): SCWE-044: Insecure Use of Storage - [Solidity Metadata Exposure](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces/solidity-metadata-exposure.md) - [Integer overflow/underflow](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces/integer-overflow-underflow.md): SCWE-047: Integer Overflows and Underflows - [Insecure DelegateCall](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces/insecure-delegatecall.md): SCWE-035: Insecure Delegatecall Usage - [Reentrancy](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces/reentrancy.md): SCWE-046: Reentrancy Attacks - [Dynamic Array Underflow](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces/dynamic-array-underflow.md): SCWE-124: Write to Arbitrary Storage Location - [Hash Collisions (abi.encodePacked)](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/evm-attack-surfaces/hash-collisions-abi.encodepacked.md): SCWE-074: Hash Collisions with Multiple Variable Length Arguments - [Contract Lifecycle & Upgradeability](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/contract-lifecycle-and-upgradeability.md) - [Incorrect Constructor Name](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/contract-lifecycle-and-upgradeability/incorrect-constructor-name.md): SCWE-070: Incorrect Constructor Name - [Protocol Layer Attack Surfaces](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/protocol-layer-attack-surfaces.md) - [AMMs (Automated Market Makers)](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/protocol-layer-attack-surfaces/amms-automated-market-makers.md) - [Oracles](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/protocol-layer-attack-surfaces/oracles.md) - [Lending Protocols](https://red.infiltr8.io/smart-contracts-pentesting/vulnerabilities/protocol-layer-attack-surfaces/lending-protocols.md) - [Kubernetes](https://red.infiltr8.io/cloud-cicd-pentesting/kubernetes.md) - [Reconnaissance](https://red.infiltr8.io/cloud-cicd-pentesting/kubernetes/reconnaissance-and-enumeration.md): Pentesting Kubernetes (K8S): Enumeration and Information Gathering from Inside and Outside the Cluster - [Initial Access](https://red.infiltr8.io/cloud-cicd-pentesting/kubernetes/initial-access.md): Pentesting Kubernetes (K8S): Achieving Initial Access to a Kubernetes Cluster via Anonymous Access or Compromised Pods - [Privilege Escalation](https://red.infiltr8.io/cloud-cicd-pentesting/kubernetes/privesc-and-rbac-exploitation.md): Pentesting Kubernetes (K8S): Privilege Escalation Vectors Inside a Kubernetes Cluster - [Persistence and Lateral Movement](https://red.infiltr8.io/cloud-cicd-pentesting/kubernetes/persistence-and-lateral-movement.md): Pentesting Kubernetes (K8s): Persistence Mechanisms in Kubernetes Environments - [Post-Exploitation](https://red.infiltr8.io/cloud-cicd-pentesting/kubernetes/data-exfiltration.md): Pentesting Kubernetes (K8s): Post-Exploitation and Looting After Full Cluster Compromise - [CI/CD](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd.md) - [Ansible Pentesting](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/ansible-pentesting.md) - [Artifactory Pentesting](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/artifactory-pentesting.md) - [Docker](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/docker.md): This chapter covers the basic theory around Docker containers security and how to escape them. - [Docker Registry](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/registry.md) - [HTTP API V2](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/registry/apiv2.md) - [GitLab](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/gitlab.md) - [Github](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/github.md) - [Gitea](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/gitea.md) - [Jenkins](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/jenkins.md) - [Terraform](https://red.infiltr8.io/cloud-cicd-pentesting/ci-cd/terraform.md) - [Azure Pentesting](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad.md) - [Reconnaissance](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/reconnaissance.md) - [Tools ⚙️](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/reconnaissance/tools.md) - [Unauthenticated Reconnaissance](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/reconnaissance/unauthenticated-reconnaissance.md) - [Internal Reconnaissance](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/reconnaissance/internal-reconnaissance.md) - [Movement](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement.md) - [Credentials](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/credentials.md) - [Password Spraying](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/credentials/password-spraying.md) - [Token Manipulation](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/credentials/token-manipulation.md) - [Pass-The-Cookie (PTC)](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/credentials/token-manipulation/pass-the-cookie-ptc.md) - [Pass the Certificate (Azure)](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/credentials/token-manipulation/pass-the-certificate-azure.md) - [Pass the PRT](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/credentials/token-manipulation/pass-the-prt.md) - [Aazure Resources](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/aazure-resources.md) - [Key Vault](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/aazure-resources/key-vault.md) - [Storage Accounts](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/aazure-resources/storage-accounts.md) - [Virtual Machines](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/aazure-resources/virtual-machines.md) - [Automation](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/aazure-resources/automation.md) - [Databases](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/aazure-resources/databases.md) - [Role-Based Access](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/role-based-access.md) - [Conditional Access](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/conditional-access.md) - [Service Principals & Applications](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/service-principals-and-applications.md) - [Hybrid Identity](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/hybrid-identity.md) - [Password Hash Sync (PHS)](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/hybrid-identity/password-hash-sync-phs.md) - [Pass-through Authentication (PTA)](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/hybrid-identity/pass-through-authentication-pta.md) - [Active Directory Federation Services (ADFS)](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/hybrid-identity/active-directory-federation-services-adfs.md) - [Seamless SSO](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/hybrid-identity/seamless-sso.md) - [Cloud Kerberos Trust](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/hybrid-identity/cloud-kerberos-trust.md) - [Cross-Tenant Access](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/movement/cross-tenant-access.md) - [Persistence](https://red.infiltr8.io/cloud-cicd-pentesting/azure-ad/persistence.md) - [AWS Pentesting](https://red.infiltr8.io/cloud-cicd-pentesting/aws.md) - [Reconnaissance](https://red.infiltr8.io/cloud-cicd-pentesting/aws/reconnaissance.md) - [Unauthenticated Enumeration](https://red.infiltr8.io/cloud-cicd-pentesting/aws/reconnaissance/unauthenticated-enumeration.md): Unauthenticated AWS Enumeration - [Movement](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement.md) - [AWS IAM](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam.md) - [Users & Groups](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/users-and-groups.md): AWS IAM Users & Groups - [Roles & AssumeRole](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/roles-and-assumerole.md): AWS IAM Roles & AssumeRole - [Access Keys](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/access-keys.md): AWS IAM Access Keys - [Policies](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/policies.md): AWS IAM Policies - [PassRole & Service Principals](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/passrole-and-service-principals.md): AWS IAM: PassRole & Service Principals - [MFA](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/mfa.md) - [Identity Center](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/identity-center.md): AWS IAM Identity Center - [Federation (SAML & OIDC)](https://red.infiltr8.io/cloud-cicd-pentesting/aws/movement/aws-iam/federation-saml-and-oidc.md): AWS IAM Federation - [Persistence](https://red.infiltr8.io/cloud-cicd-pentesting/aws/persistence.md) - [GCP Pentesting](https://red.infiltr8.io/cloud-cicd-pentesting/gcp-pentesting.md) - [Large Language Model (LLM)](https://red.infiltr8.io/ai-red-teaming/large-language-model-llm.md) - [Retrieval Augmented Generation (RAG)](https://red.infiltr8.io/ai-red-teaming/retrieval-augmented-generation-rag.md) - [Machine Learning (ML)](https://red.infiltr8.io/ai-red-teaming/machine-learning-ml.md) - [AI Agents](https://red.infiltr8.io/ai-red-teaming/ai-agents.md) - [Training Infrastructure](https://red.infiltr8.io/ai-red-teaming/training-infrastructure.md) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://red.infiltr8.io/readme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.