The Complete Team Field Manual 9798747990753
The Red Team and the Blue Team are now obsolete.The only manual you need is this: "TCTFM" The Complete Team Fi
364 125 16MB
English Pages 165 [167] Year 2021
Table of contents :
1*NIX
1.1GENERAL INFORMATION
1.1.1Linux Kernels
1.1.2Linux Common Directories and Configuration Files
1.1.3Linux System Information
1.1.4Linux Network Commands
1.1.5Linux Basic and Administrative Commands
1.2INITIAL ACCESS
1.2.1ATTACK
1.2.2DETECTION
1.3EXECUTION
1.3.1ATTACK
1.3.2DETECTION
1.4PERSISTENCE
1.4.1ATTACK
1.4.2DETECTION
1.5PRIVILEGE ESCALATION
1.5.1ATTACK
1.5.2DETECTION
1.6DEFENSE EVASION
1.6.1ATTACK
1.6.2DETECTION
1.7CREDENTIAL ACCESS
1.7.1ATTACK
1.7.2DETECTION
1.8DISCOVERY
1.8.1ATTACK
1.8.2DETECTION
1.9LATERAL MOVEMENT
1.9.1ATTACK
1.9.2DETECTION
1.10COLLECTION
1.10.1ATTACK
1.10.2DETECTION
1.11COMMAND AND CONTROL
1.11.1Relevant Information
1.11.2ATTACK
1.11.3DETECTION
1.12EXFILTRATION
1.12.1ATTACK
1.12.2DETECTION
2WINDOWS
2.1GENERAL INFORMATION
2.1.1Windows NT versions
2.1.2Commonly Used Windows Registry Locations
2.1.3Windows Directories
2.1.4Windows cmd basics
2.1.5Windows powershell
2.2INITIAL ACCESS
2.2.1ATTACK
2.2.2DETECTION
2.3EXECUTION
2.3.1ATTACK
2.3.2DETECTION
2.4PERSISTENCE
2.4.1ATTACK
2.4.2DETECTION
2.5PRIVILEGE ESCALATION
2.5.1ATTACK
2.5.2DETECTION
2.6DEFENSE EVASION
2.6.1ATTACK
2.6.2DETECTION
2.7CREDENTIAL ACCESS
2.7.1ATTACK
2.7.2DETECTION
2.8DISCOVERY
2.8.1ATTACK
2.8.2DETECTION
2.9LATERAL MOVEMENT
2.9.1ATTACK
2.9.2DETECTION
2.10COLLECTION
2.10.1Relevant Information - Attack
2.10.2DETECTION
2.10.3MITIGATION
2.11COMMAND AND CONTROL
2.11.1RELEVANT INFORMATION
2.11.2ATTACK
2.11.3Detection
2.12EXFILTRATION
2.12.1ATTACK
2.12.2DETECTION
3Network
3.1GENERAL INFORMATION
3.1.1Common Ports
3.2IPV4
3.2.1IPv4 Header
3.2.2IPv4 ICMP Header
3.2.3IPv4 Subnet Class Ranges
3.2.4ICMPv4 Type Codes
3.2.5IPv6
3.2.6TCP Header
3.2.7UDP Header
3.2.8DNS Header
3.2.9ARP Header
3.2.10TTL and Windows Size by OS
3.2.11Common Wireshark Filters
3.3ATTACK
3.3.1ARP Cache Poisoning
3.3.2DNS Spoofing
3.3.3Switch Flood
3.3.4Rogue IPv6 Attack
3.3.5Network Scans
3.3.6Denial of Service
3.4DETECTION
4Container Breakout
4.1KUBERNETES
4.1.1Determine if you are on kubernetes cluster
4.1.2Kubernetes enumeration
4.1.3Kubernetes Pod RBAC Breakout
4.2DOCKER
4.2.1Determine if you are on docker container
5OSINT
5.1recong-ng
5.2theHarvester
6Malware Analysis
6.1STATIC ANALYSIS
6.1.1Executable Packing
6.1.2Hash Check
6.1.3Strings Check
6.1.4Inspect Portable Executable
6.1.5PE Disassembly
6.2DYNAMIC ANALYSIS
6.2.1Setup
6.2.2Common Tools Used
7Attack Frameworks
7.1Metasploit
7.2Meterpreter
7.3PowerShell Empire
7.3.1Host Tools
7.3.2Network Tools
7.3.3Common Zeek/Bro Options
7.3.4NetworkMiner
7.3.5Moloch
7.3.6Suricata
7.3.7Snort
7.3.8Nmap
7.3.9Wireshark
8Wireless
8.1Attack
8.1.1WEP
8.1.2WPA
8.1.3Evil Twin
8.1.4Mac Spoofing
8.2Detection
8.2.1Wireshark detect WiFi DOS
8.2.2Kismet
9Database
9.1MYSQL
9.2POSTGRESQL
9.3MS SQL
10Scripting
10.1POWERSHELL
10.2PYTHON
10.3BASH
10.4ASCII TABLE
11Web
11.1USER AGENTS
1*NIX
1.1GENERAL INFORMATION
1.1.1Linux Kernels
1.1.2Linux Common Directories and Configuration Files
1.1.3Linux System Information
1.1.4Linux Network Commands
1.1.5Linux Basic and Administrative Commands
1.2INITIAL ACCESS
1.2.1ATTACK
1.2.2DETECTION
1.3EXECUTION
1.3.1ATTACK
1.3.2DETECTION
1.4PERSISTENCE
1.4.1ATTACK
1.4.2DETECTION
1.5PRIVILEGE ESCALATION
1.5.1ATTACK
1.5.2DETECTION
1.6DEFENSE EVASION
1.6.1ATTACK
1.6.2DETECTION
1.7CREDENTIAL ACCESS
1.7.1ATTACK
1.7.2DETECTION
1.8DISCOVERY
1.8.1ATTACK
1.8.2DETECTION
1.9LATERAL MOVEMENT
1.9.1ATTACK
1.9.2DETECTION
1.10COLLECTION
1.10.1ATTACK
1.10.2DETECTION
1.11COMMAND AND CONTROL
1.11.1Relevant Information
1.11.2ATTACK
1.11.3DETECTION
1.12EXFILTRATION
1.12.1ATTACK
1.12.2DETECTION
2WINDOWS
2.1GENERAL INFORMATION
2.1.1Windows NT versions
2.1.2Commonly Used Windows Registry Locations
2.1.3Windows Directories
2.1.4Windows cmd basics
2.1.5Windows powershell
2.2INITIAL ACCESS
2.2.1ATTACK
2.2.2DETECTION
2.3EXECUTION
2.3.1ATTACK
2.3.2DETECTION
2.4PERSISTENCE
2.4.1ATTACK
2.4.2DETECTION
2.5PRIVILEGE ESCALATION
2.5.1ATTACK
2.5.2DETECTION
2.6DEFENSE EVASION
2.6.1ATTACK
2.6.2DETECTION
2.7CREDENTIAL ACCESS
2.7.1ATTACK
2.7.2DETECTION
2.8DISCOVERY
2.8.1ATTACK
2.8.2DETECTION
2.9LATERAL MOVEMENT
2.9.1ATTACK
2.9.2DETECTION
2.10COLLECTION
2.10.1Relevant Information - Attack
2.10.2DETECTION
2.10.3MITIGATION
2.11COMMAND AND CONTROL
2.11.1RELEVANT INFORMATION
2.11.2ATTACK
2.11.3Detection
2.12EXFILTRATION
2.12.1ATTACK
2.12.2DETECTION
3Network
3.1GENERAL INFORMATION
3.1.1Common Ports
3.2IPV4
3.2.1IPv4 Header
3.2.2IPv4 ICMP Header
3.2.3IPv4 Subnet Class Ranges
3.2.4ICMPv4 Type Codes
3.2.5IPv6
3.2.6TCP Header
3.2.7UDP Header
3.2.8DNS Header
3.2.9ARP Header
3.2.10TTL and Windows Size by OS
3.2.11Common Wireshark Filters
3.3ATTACK
3.3.1ARP Cache Poisoning
3.3.2DNS Spoofing
3.3.3Switch Flood
3.3.4Rogue IPv6 Attack
3.3.5Network Scans
3.3.6Denial of Service
3.4DETECTION
4Container Breakout
4.1KUBERNETES
4.1.1Determine if you are on kubernetes cluster
4.1.2Kubernetes enumeration
4.1.3Kubernetes Pod RBAC Breakout
4.2DOCKER
4.2.1Determine if you are on docker container
5OSINT
5.1recong-ng
5.2theHarvester
6Malware Analysis
6.1STATIC ANALYSIS
6.1.1Executable Packing
6.1.2Hash Check
6.1.3Strings Check
6.1.4Inspect Portable Executable
6.1.5PE Disassembly
6.2DYNAMIC ANALYSIS
6.2.1Setup
6.2.2Common Tools Used
7Attack Frameworks
7.1Metasploit
7.2Meterpreter
7.3PowerShell Empire
7.3.1Host Tools
7.3.2Network Tools
7.3.3Common Zeek/Bro Options
7.3.4NetworkMiner
7.3.5Moloch
7.3.6Suricata
7.3.7Snort
7.3.8Nmap
7.3.9Wireshark
8Wireless
8.1Attack
8.1.1WEP
8.1.2WPA
8.1.3Evil Twin
8.1.4Mac Spoofing
8.2Detection
8.2.1Wireshark detect WiFi DOS
8.2.2Kismet
9Database
9.1MYSQL
9.2POSTGRESQL
9.3MS SQL
10Scripting
10.1POWERSHELL
10.2PYTHON
10.3BASH
10.4ASCII TABLE
11Web
11.1USER AGENTS
- Author / Uploaded
- Allyson Brian
![The Psychonaut Field Manual [4]](https://ebin.pub/img/200x200/the-psychonaut-field-manual-4.jpg)
![RTFM: Red Team Field Manual v2 [2 ed.]
1075091837, 9781075091834](https://ebin.pub/img/200x200/rtfm-red-team-field-manual-v2-2nbsped-1075091837-9781075091834.jpg)
