@flaing
Created January 30, 2020 00:51
12 essentials in APT with the most common tools
\textbf{Obfuscation.} To hide weaponized exploitation signatures and anomalies. {\footnotesize Tools: Invoke-Obfuscation, demiguise, Veil-evasion, Invoke-DOSfuscation, morphHTA, Unicorn, Ruler.}
\textbf{Encryption.} To encrypt victims' files. {\footnotesize Tools: zip, gzip, rar, winzip32, 7z.}
\textbf{Exploitation for Privilege Escalation.} To exploit a Microsoft CVE. {\footnotesize Tools: getsystem, bitsadmin, msbuild, privesc.}
\textbf{File Deletion.} To wipe victims' machines. {\footnotesize Tools: rm, shred, del, rmdir, Remove-Item, vssadmin, wmic, bcdedit, wbadmin.}
\textbf{Rundll32 Tricks.} To bypass controls such as application whitelisting. {\footnotesize Tools: rundll32, {\textbar}javascript{\textbar}vbscript{\textbar}http{\textbar}https{\textbar}.dll}
\textbf{Network Configuration Discovery.} To recon victims' configurations. {\footnotesize Tools: ipconfig, shell, enum{\_}domains, arp, route, nbtstat, net, nltest, powerview, get{\_}subnet.}
\textbf{Web Shell.} To exploit victims with a web shell. {\footnotesize Tools: xcopy, ieexec.}
\textbf{Windows Management Instrumentation.} To exfiltrate from (or exploit) victims' machines. {\footnotesize Tools: wmic, elevated{\_}wmi, invoke{\_}wmi.}
\textbf{Bypass User Account Control.} To escape from User Account Control on victims' machines. {\footnotesize Tools: uacbypass, reg, New-Item, Set-ItemProperty, Start-Process, fodhelper, mklink, eventvwr, mshta, verclsid, winword, cmmgr32, privesc, bypassuac{\_}tokenmanipulation.}
\textbf{Credential Dumping.} To steal credentials, even for cloud platforms. {\footnotesize Tools: hashdump, mimikatz, smart{\_}hashdump, logonpasswords, domain{\_}hashdump,
wdigest, msv, gsecdump, IEX, reg, wce, vssadmin, ntdsutil, Get-GPPPassword, copy, kerberos{\_}inject, ChromeDump, FoxDump, ninjacopy, vaults, enum{\_}cred{\_}store, powerdump, silver{\_}ticket, trust{\_}keys, privesc, downgrade{\_}account, wdigest{\_}downgrade, etcd{\_}crawler.}
\textbf{Exfiltration Over Alternative Protocol.} To steal victims' data and hide traces. {\footnotesize Tools: ssh, tar, ping, exfil{\_}dropbox, Invoke{\_}ExfilDataToGithub.}
\textbf{Powershell Tricks.} The most dangerous: generates massive damage while remaining persistent remotely through multiple pipelines. {\footnotesize Tools: powershell, IEX .DownloadString, New-Object, ::ReadAllBytes, ForEach-Object, Set-Variable, Set-Item, .PsObject, .Invoke, .InvokeCommand, Shell, Get-ItemProperty, SandKeys, New-LocalUser, reg, Add-Content, Invoke-Expression, excel, cmd,
invoke{\_}psremoting, spawn, Invoke-Mimikatz, SharpHound, Invoke-BloodHound.}