Table of contents

👨🚒 Certified Red Team Professional
LAB Access
🔥 Assume Breach Execution Cycle
😆 Prepare your VM
😅 PowerShell Detections
🔥 AMSI Bypass
🙃 Tools
CMD Commands
🤣 Escape the Machine
Data Visualization
BloodHound
AzureHound
RustHound
Domain Enumeration
1⃣ Tools
2⃣ Domain Enumeration
3⃣ Users, Groups, Computers Enumeration
4⃣ Shares Enumeration
5⃣ GPO Enumeration
6⃣ ACLs Enumeration
7⃣ Domain Trusts
Domain Forests
9⃣ Miscellaneous Enumeration
User Hunting
Local Privilege Escalation
Theory
Automation Tools
Techniques
Lateral Movement
Thinking
WinRS
PowerShell Remoting
Invoke-MimiKatz
CrackMapExec
Domain Persistence
🔥 Golden tickets
🥈 Silver Tickets
💎 Diamond Tickets
🚒 Skeleton Keys
DSRM
Custom SSP - Track logons
ACLs
1⃣ AdminSDHolder
2⃣ DCsync
3⃣ WMI
4⃣ Remote Powershell
5⃣ Remote Registry
Domain Privilege Escalation
🟢 Kerberoast
🟢 AS-REPS Roasting
🟢 Set SPN
🟢 Unconstrained Delegation
🟢 Constrained Delegation
🟢 DNS Admins
Enterprise Admins
Child to parent - Trust tickets
Child to parent - krbtgt hash
🟢 Crossforest attacks
AD CS
🟢 Abuse MSSQL Servers