My Bloodtype is Coffee
These are some notes that I took during courses or while browsing the web. Sarcastically, AD and Azure hacking are not really my forte.. the stuff that I typically do (app-sec, web-sec) is almost not represented in those notes. On the other hand, this is not that surprising as I know these areas by heart.
Content
I think the best entry points are the Methodologies
:
Offensive Stuff
This is where my heart is at:
- AD Assumed Breach contains anything Microsoft Active Directory related
- Azure Testing Methodology is about attacking that PoS that is Azure.
- Web Pen-Testing are small notes about performing web-attacks
- Red Teaming is a bit pretentious. It is a super-set of AD Assumed Breach, also containing OSINT and external attacks. A bit more stealth too.
Defensive-ish Stuff
- Purple Teaming is just a starting point about doing a bit more defensive stuff
Big Structure
I have adopted something resembling MiTRE ATTACK:
Methodologies
: High-Level GuidanceBackground
: more high-level information
Techniques
: attack techniques, mostly tool-independentTools
: concrete tools