Public resources for PEN-300 Training.
- 3.1.3.1: JavaScript
- 3.2.2.1: MyMarco
- 3.2.3.1: MyMarco and PowerShell
- 3.4.3.1: Calling Win32 APIs from VBA
- https://sites.google.com/site/jrlhost/links/excelcdll
- MessageBoxA
- https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-messageboxa
- https://stackoverflow.com/questions/60753153/custom-message-box-code-fails-without-out-warning-in-latest-version-of-excel-on
- https://www.cadsharp.com/docs/Win32API_PtrSafe.txt
- FindWindowA
- https://docs.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-findwindowa
- http://users.skynet.be/am044448/Programmeren/VBA/vba_class_names.htm
- 3.5.1.1: Calling Win32 APIs from PowerShell
- 3.5.2.1: Porting Shellcode Runner to PowerShell
- 3.6.2.1: Leveraging UnsafeNativeMethods
- https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getmodulehandlea
- https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-getprocaddress
- 3.6.3.1: DelegateType Reflection
- 4.1.1.1: Creating a Basic Dropper in Jscript
- 4.1.2.1: Jscript Meterpreter Dropper
- https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ms760236%28v%3dvs.85%29 (It is ServerXMLHTTP. Not XMLHTTP)
- https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/scripting-articles/x05fawxd(v=vs.84)
- 4.2.2.1: DotNetToJscript
- 5.1.2.1: Process Injection in C# (VirtualAlloc and WriteProcessMemory Injection)
- http://pinvoke.net/default.aspx/kernel32/OpenProcess.html
- http://pinvoke.net/default.aspx/kernel32/VirtualAllocEx.html
- http://pinvoke.net/default.aspx/kernel32/WriteProcessMemory.html
- http://pinvoke.net/default.aspx/kernel32/CreateRemoteThread.html
- https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.getprocessesbyname?view=netframework-4.8
- https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.id?view=net-5.0
- https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1
- 5.1.2.2: Extra Mile (NTMap Injection)
- https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection
- http://joyasystems.com/list-of-ntstatus-codes
- NtCreateSection
- http://pinvoke.net/default.aspx/ntdll/NtCreateSection.html
- https://stackoverflow.com/questions/683491/how-to-declarate-large-integer-in-c-sharp
- NtMapViewOfSection
- http://pinvoke.net/default.aspx/ntdll/NtMapViewOfSection.html
- http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FSection%2FSECTION_INHERIT.html
- https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants
- NtUnmapViewOfSection
- NtClose
- 6.6.2.1: Non-emulated APIs
- https://docs.microsoft.com/en-us/windows/win32/api/fibersapi/nf-fibersapi-flsalloc
- http://pinvoke.net/default.aspx/kernel32/FlsAlloc.html
- https://social.msdn.microsoft.com/Forums/en-US/c85f867b-66f8-45bd-a105-a984d80bd720/flsoutofindexes?forum=winappswithnativecode
- 6.7.2.1: Stomping On Microsoft Word
- 6.8.3.1: Obfuscating VBA
- https://download.serviio.org/releases/serviio-1.8-win-setup.exe
- https://www.exploit-db.com/exploits/41959
- https://medium.com/@SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8d8ae
- https://www.vergiliusproject.com/kernels/x64/Windows%2010%20|%202016/1809%20Redstone%205%20(October%20Update)/_PEB32
- 7.4.2.1: Patching the internals
- https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:O97M/OfficeWmiRunPowershell.B&ThreatID=2147772508
- https://www.redteam.cafe/red-team/powershell/powershell-custom-runspace
- https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
- 7.4.2.2: Extra Mile
- 8.2.2.2: Extra Mile
- 8.4.5.2: Extra Mile
- https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild?view=vs-2019
- https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-inline-tasks?view=vs-2019
- https://docs.microsoft.com/en-us/visualstudio/msbuild/walkthrough-creating-an-inline-task?view=vs-2019
- https://www.ired.team/offensive-security/code-execution/using-msbuild-to-execute-shellcode-in-c
- 8.5.2.2: Extra Mile
- https://github.com/cobbr/Covenant/wiki/Installation-And-Startup
- https://dotnet.microsoft.com/download/dotnet/3.1
- https://github.com/cobbr/Covenant/wiki
- 9.3.1.1: Case Study: Bypassing Norton HIPS with Custom Certificates
- https://www.hackingarticles.in/bypass-detection-for-meterpreter-shell-impersonate_ssl/
- https://www.reddit.com/r/netsecstudents/comments/9xpfhy/problem_with_metasploit_using_an_ssl_certificate/
- 9.6.1.2: Extra Mile
- 9.6.2.2: Extra Mile
- 10.1.2.1: VIM Config Simple Keylogger
- 10.3.2.2: Extra Mile
- 11.2.4.2: Extra Mile
- https://developer.mozilla.org/en-US/docs/Web/API/Window/dump
- https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.dom.window.dump.file
- 12.4.1.1: Memory Dump
- 13.1.4.1: RDP as a Console
- 13.1.5.1: Stealing Clear Text Credentials from RDP
- 13.2.2.1: Implementing Fileless Lateral Movement in C#
- 14.3: Kerberos on Linux
- 14.3.4.2: Extra Mile
- https://github.com/GhostPack/Rubeus#dump
- https://github.com/eloypgz/ticket_converter
- https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
- https://www.tarlogic.com/blog/how-to-attack-kerberos/
- 15.2.1.1: Privilege Escalation using SQL Impersonation
- 15.3.1.1: Linked Server
- 15.3.1.2: Extra Mile
- 15.3.2.2: Extra Mile
- 16.2.1.1: Kerberos Unconstrained Delegation
- 16.2.2.1: I Am a Domain Controller
- 16.2.3.1: Constrained Delegation
- 16.2.4.1: Resource-Based Constrained Delegation
- 16.4.1.2: Extra Mile
- https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md
- https://adsecurity.org/?p=1588