CRTP Course contents:- Module 1:- Gathering useful information related to Active Directory ; users, groups, computers, trusts, ACLs, etc. Privilege Escalation techniques on windows. Gaining Admin privileges. Execute attacks involving bypassing antivirus and pivoting to other machines. Module 2:- Find credentials and sessions for high privileges of domain accounts. Extract credentials from restricted environments with whitelisting.

Base line for newly imaged machine:- Get-Service * | Where {$_.status -eq “Running”} | Export-Clixml fileName.xml Comparing the baseline to the current state:- Compare-Object (Import-Clixml fileName.xml)(Get-Service * | Where {$_.status -eq “Running”}) -Property DisplayName | Where-Object{$_.sideindicator -eq “<=”} Another way to create base line for newly imaged machine:- Get-Process | Export-Clixml fileName.xml

smss.exe (session manager):- Responsible to create sessions. Session 0 creates OS services and starts csrss.exe and wininit.exe. Session 1 creates user session and starts csrss.exe and winlog.exe. Loads (its location is ) in shared memory and Locations. Executable Path: %SystemRoot%\System32\smss.exe Parent Process: System Username: NT AUTHORITY\SYSTEM (S-1–5–18) Base Priority: 11 Time of Execution…

Nmap Scans Filters to detect nmap scans:

Continuing with wireshark features:- Statistics: provides multiple statistics options to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and specific protocols. Resolved Addresses:- It helps analysts identify IP addresses and DNS names. Statistics → Resolved Addresses Protocol Hierarchy This option breaks down all available protocols from the…

wireshark is a traffic analyzer it could be used as:- Detecting and solving network problems 2. Detecting security anomalies 3. Investigating and learning protocols details. NOTE: wireshark is not an IDS, and not modify the packets, it just reads them, and the analysist who will discover the anomalies and this…

Creating stable shell sudo python3 -c ‘import ptty;pty.spawn(“/bin/bash”)’ export XTERM = term ctrl + z stty raw -echo; fg

· Right-click the Immunity Debugger icon on the Desktop and choose “Run as administrator”. · Open the executable file in Immunity Debugger and run it. · Run !mona config -set workingfolder c:\mona\%p · Run the fuzzer.py …

1- Metasploit: - After exploiting one machine and get the meterpreter for it run the following commands:- 1- Run autoroute -r target_ip_network 2- Run post/windows/arp_scanner target_ip_networkà to see the reachable active hosts. 3- Use /auxiliary/server/socks à to open proxy channel. 4- Then use proxychains in the attacking machine to run…