GitBook: [master] 41 pages modified

mantvydasb · gitbook-bot · commit 1134506d85d3 · 2021-04-03T16:16:18.000Z
diff --git a/SUMMARY.md b/SUMMARY.md
diff --git a/offensive-security/code-execution/t1117-regsvr32-aka-squiblydoo.md b/offensive-security/code-execution/t1117-regsvr32-aka-squiblydoo.md
@@ -2,7 +2,7 @@
 description: regsvr32 (squiblydoo) code execution - bypass application whitelisting.
 ---
 
-# T1117: regsvr32
+# regsvr32
 
 ## Execution
 
diff --git a/offensive-security/code-execution/t1118-installutil.md b/offensive-security/code-execution/t1118-installutil.md
@@ -2,7 +2,7 @@
 description: InstallUtil code execution - bypass application whitelisting.
 ---
 
-# T1118: InstallUtil
+# InstallUtil
 
 ## Execution
 
diff --git a/offensive-security/code-execution/t1170-mshta-code-execution.md b/offensive-security/code-execution/t1170-mshta-code-execution.md
@@ -2,7 +2,7 @@
 description: MSHTA code execution - bypass application whitelisting.
 ---
 
-# T1170: MSHTA
+# MSHTA
 
 ## Execution
 
diff --git a/offensive-security/code-execution/t1191-cmstp-code-execution.md b/offensive-security/code-execution/t1191-cmstp-code-execution.md
@@ -2,7 +2,7 @@
 description: CMSTP code execution - bypass application whitelisting.
 ---
 
-# T1191: CMSTP
+# CMSTP
 
 ## Execution
 
diff --git a/offensive-security/code-execution/t1196-control-panel-item-code-execution.md b/offensive-security/code-execution/t1196-control-panel-item-code-execution.md
@@ -2,7 +2,7 @@
 description: Control Panel Item code execution - bypass application whitelisting.
 ---
 
-# T1196: Control Panel Item
+# Control Panel Item
 
 ## Execution
 
diff --git a/offensive-security/code-execution/t1202-forfiles-indirect-command-execution.md b/offensive-security/code-execution/t1202-forfiles-indirect-command-execution.md
@@ -2,7 +2,7 @@
 description: Defense Evasion
 ---
 
-# T1202: Forfiles Indirect Command Execution
+# Forfiles Indirect Command Execution
 
 This technique launches an executable without a cmd.exe.
 
diff --git a/offensive-security/code-execution/t1216-signed-script-ce.md b/offensive-security/code-execution/t1216-signed-script-ce.md
@@ -4,7 +4,7 @@ description: >-
   pubprn.vbs
 ---
 
-# T1216: pubprn.vbs Signed Script Code Execution
+# pubprn.vbs Signed Script Code Execution
 
 ## Execution
 
diff --git a/offensive-security/credential-access-and-credential-dumping/t1174-password-filter-dll.md b/offensive-security/credential-access-and-credential-dumping/t1174-password-filter-dll.md
@@ -2,7 +2,7 @@
 description: Credential Access
 ---
 
-# T1174: Password Filter
+# Password Filter
 
 This lab explores a native OS notification of when the user account password gets changed, which is responsible for validating it. That, of course means, that the password can be intercepted and logged.
 
diff --git a/offensive-security/credential-access-and-credential-dumping/t1214-credentials-in-registry.md b/offensive-security/credential-access-and-credential-dumping/t1214-credentials-in-registry.md
@@ -2,7 +2,7 @@
 description: 'Internal recon, hunting for passwords in Windows registry'
 ---
 
-# T1214: Credentials in Registry
+# Credentials in Registry
 
 ## Execution
 
diff --git a/offensive-security/defense-evasion/t1027-obfuscated-powershell-invocations.md b/offensive-security/defense-evasion/t1027-obfuscated-powershell-invocations.md
@@ -2,7 +2,7 @@
 description: Defense Evasion
 ---
 
-# T1027: Obfuscated Powershell Invocations
+# Obfuscated Powershell Invocations
 
 This topic is huge, but in this lab, I wanted to see if I could do a simple hunt for encoded powershell command invocations.
 
diff --git a/offensive-security/defense-evasion/t1045-software-packing-upx.md b/offensive-security/defense-evasion/t1045-software-packing-upx.md
@@ -2,7 +2,7 @@
 description: 'Defense Evasion, Code Obfuscation'
 ---
 
-# T1045: Packed Binaries
+# Packed Binaries
 
 For this exercise, I will pack a binary with a well known UPX packer.
 
diff --git a/offensive-security/defense-evasion/t1096-alternate-data-streams.md b/offensive-security/defense-evasion/t1096-alternate-data-streams.md
@@ -1,4 +1,4 @@
-# T1096: Alternate Data Streams
+# Alternate Data Streams
 
 ## Execution
 
diff --git a/offensive-security/defense-evasion/t1099-timestomping.md b/offensive-security/defense-evasion/t1099-timestomping.md
@@ -2,7 +2,7 @@
 description: Defense Evasion
 ---
 
-# T1099: Timestomping
+# Timestomping
 
 ## Execution
 
diff --git a/offensive-security/defense-evasion/t1140-encode-decode-data-with-certutil.md b/offensive-security/defense-evasion/t1140-encode-decode-data-with-certutil.md
@@ -2,7 +2,7 @@
 description: Defense Evasion
 ---
 
-# T1140: Encode/Decode Data with Certutil
+# Encode/Decode Data with Certutil
 
 In this lab I will transfer a base64 encoded php reverse shell from my attacking machine to the victim machine via netcat and decode the data on the victim system using a native windows binary `certutil`.
 
diff --git a/offensive-security/defense-evasion/t1158-hidden-files.md b/offensive-security/defense-evasion/t1158-hidden-files.md
@@ -2,7 +2,7 @@
 description: 'Defense Evasion, Persistence'
 ---
 
-# T1158: Hidden Files
+# Hidden Files
 
 ## Execution
 
diff --git a/offensive-security/enumeration-and-discovery/t1010-application-window-discovery.md b/offensive-security/enumeration-and-discovery/t1010-application-window-discovery.md
@@ -2,7 +2,7 @@
 description: Discovery
 ---
 
-# T1010: Application Window Discovery
+# Application Window Discovery
 
 Retrieving running application window titles:
 
diff --git a/offensive-security/enumeration-and-discovery/t1087-account-discovery.md b/offensive-security/enumeration-and-discovery/t1087-account-discovery.md
@@ -2,7 +2,7 @@
 description: Discovery
 ---
 
-# T1087: Account Discovery & Enumeration
+# Account Discovery & Enumeration
 
 ## Execution
 
diff --git a/offensive-security/lateral-movement/t1028-winrm-for-lateral-movement.md b/offensive-security/lateral-movement/t1028-winrm-for-lateral-movement.md
@@ -2,7 +2,7 @@
 description: PowerShell remoting for lateral movement.
 ---
 
-# T1028: WinRM for Lateral Movement
+# WinRM for Lateral Movement
 
 ## Execution
 
diff --git a/offensive-security/lateral-movement/t1047-wmi-for-lateral-movement.md b/offensive-security/lateral-movement/t1047-wmi-for-lateral-movement.md
@@ -2,7 +2,7 @@
 description: 'Windows Management Instrumentation for code execution, lateral movement.'
 ---
 
-# T1047: WMI for Lateral Movement
+# WMI for Lateral Movement
 
 ## Execution
 
diff --git a/offensive-security/lateral-movement/t1051-shared-webroot.md b/offensive-security/lateral-movement/t1051-shared-webroot.md
@@ -2,7 +2,7 @@
 description: Lateral Movement
 ---
 
-# T1051: Shared Webroot
+# Shared Webroot
 
 ## Execution
 
diff --git a/offensive-security/lateral-movement/t1076-rdp-hijacking-for-lateral-movement.md b/offensive-security/lateral-movement/t1076-rdp-hijacking-for-lateral-movement.md
@@ -4,7 +4,7 @@ description: >-
   through the network using RDP without the need for credentials.
 ---
 
-# T1076: RDP Hijacking for Lateral Movement with tscon
+# RDP Hijacking for Lateral Movement with tscon
 
 ## Execution
 
diff --git a/offensive-security/lateral-movement/t1175-distributed-component-object-model.md b/offensive-security/lateral-movement/t1175-distributed-component-object-model.md
@@ -2,7 +2,7 @@
 description: Lateral Movement via Distributed Component Object Model
 ---
 
-# T1175: Lateral Movement via DCOM
+# Lateral Movement via DCOM
 
 > The Microsoft Component Object Model \(COM\) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM is the foundation technology for Microsoft's OLE \(compound documents\), ActiveX \(Internet-enabled components\), as well as others.
 >
diff --git a/offensive-security/persistence/t1013-addmonitor.md b/offensive-security/persistence/t1013-addmonitor.md
@@ -2,7 +2,7 @@
 description: 'Persistence, Privilege Escalation'
 ---
 
-# T1013: AddMonitor\(\)
+# AddMonitor\(\)
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1015-sethc.md b/offensive-security/persistence/t1015-sethc.md
@@ -2,7 +2,7 @@
 description: Sticky keys backdoor.
 ---
 
-# T1015: Sticky Keys
+# Sticky Keys
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1035-service-execution.md b/offensive-security/persistence/t1035-service-execution.md
@@ -2,7 +2,7 @@
 description: 'Code Execution, Privilege Escalation'
 ---
 
-# T1035: Service Execution
+# Service Execution
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1053-schtask.md b/offensive-security/persistence/t1053-schtask.md
@@ -2,7 +2,7 @@
 description: 'Code execution, privilege escalation, lateral movement and persitence.'
 ---
 
-# T1053: Schtask
+# Schtask
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1084-abusing-windows-managent-instrumentation/README.md b/offensive-security/persistence/t1084-abusing-windows-managent-instrumentation/README.md
@@ -2,7 +2,7 @@
 description: 'Persistence, Privilege Escalation'
 ---
 
-# T1084: Abusing Windows Managent Instrumentation
+# Abusing Windows Managent Instrumentation
 
 WMI events are made up of 3 key pieces:
 
diff --git a/offensive-security/persistence/t1122-com-hijacking.md b/offensive-security/persistence/t1122-com-hijacking.md
@@ -2,7 +2,7 @@
 description: 'UAC Bypass/Defense Evasion, Persistence'
 ---
 
-# T1122: COM Hijacking
+# COM Hijacking
 
 > The Microsoft Component Object Model \(COM\) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM is the foundation technology for Microsoft's OLE \(compound documents\), ActiveX \(Internet-enabled components\), as well as others.
 
diff --git a/offensive-security/persistence/t1128-netsh-helper-dll.md b/offensive-security/persistence/t1128-netsh-helper-dll.md
@@ -2,7 +2,7 @@
 description: 'Persistence, code execution using netsh helper arbitrary libraries.'
 ---
 
-# T1128: NetSh Helper DLL
+# NetSh Helper DLL
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1130-install-root-certificate.md b/offensive-security/persistence/t1130-install-root-certificate.md
@@ -2,7 +2,7 @@
 description: Defense Evasion
 ---
 
-# T1130: Installing Root Certificate
+# Installing Root Certificate
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1136-create-account.md b/offensive-security/persistence/t1136-create-account.md
@@ -2,7 +2,7 @@
 description: Persistence
 ---
 
-# T1136: Create Account
+# Create Account
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1138-application-shimming.md b/offensive-security/persistence/t1138-application-shimming.md
@@ -2,7 +2,7 @@
 description: 'Persistence, Privilege Escalation'
 ---
 
-# T1138: Application Shimming
+# Application Shimming
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1180-screensaver-hijack.md b/offensive-security/persistence/t1180-screensaver-hijack.md
@@ -2,7 +2,7 @@
 description: Hijacking screensaver for persistence.
 ---
 
-# T1180: Screensaver Hijack
+# Screensaver Hijack
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1197-bits-jobs.md b/offensive-security/persistence/t1197-bits-jobs.md
@@ -2,7 +2,7 @@
 description: File upload to the compromised system.
 ---
 
-# T1197: BITS Jobs
+# BITS Jobs
 
 ## Execution
 
diff --git a/offensive-security/persistence/t1198-trust-provider-hijacking.md b/offensive-security/persistence/t1198-trust-provider-hijacking.md
@@ -2,7 +2,7 @@
 description: 'Defense Evasion, Persistence, Whitelisting Bypass'
 ---
 
-# T1198: SIP & Trust Provider Hijacking
+# SIP & Trust Provider Hijacking
 
 In this lab, I will try to sign a simple "rogue" powershell script `test-forged.ps1` that only has one line of code, with **Microsoft's** certificate and bypass any whitelisting protections/policies the script may be subject to if it is not signed.
 
diff --git a/offensive-security/persistence/t1209-hijacking-time-providers.md b/offensive-security/persistence/t1209-hijacking-time-providers.md
@@ -2,7 +2,7 @@
 description: Persistence
 ---
 
-# T1209: Hijacking Time Providers
+# Hijacking Time Providers
 
 ## Execution
 
diff --git a/offensive-security/privilege-escalation/t1038-dll-hijacking.md b/offensive-security/privilege-escalation/t1038-dll-hijacking.md
@@ -2,7 +2,7 @@
 description: 'DLL Search Order Hijacking for privilege escalation, code execution, etc.'
 ---
 
-# T1038: DLL Hijacking
+# DLL Hijacking
 
 ## Execution
 
diff --git a/offensive-security/privilege-escalation/t1108-redundant-access.md b/offensive-security/privilege-escalation/t1108-redundant-access.md
@@ -2,7 +2,7 @@
 description: Redundant Access - Webshells for evading defenses and persistence.
 ---
 
-# T1108: WebShells
+# WebShells
 
 This demo assumes a server compromise and that the attacker has already uploaded a webshell to the compromised host for persistence.
 
diff --git a/offensive-security/privilege-escalation/t1134-access-token-manipulation.md b/offensive-security/privilege-escalation/t1134-access-token-manipulation.md
@@ -4,7 +4,7 @@ description: >-
   tokens.
 ---
 
-# T1134: Primary Access Token Manipulation
+# Primary Access Token Manipulation
 
 ## Context
 
diff --git a/offensive-security/privilege-escalation/t1183-image-file-execution-options-injection.md b/offensive-security/privilege-escalation/t1183-image-file-execution-options-injection.md
@@ -2,7 +2,7 @@
 description: 'Defense Evasion, Persistence, Privilege Escalation'
 ---
 
-# T1183: Image File Execution Options Injection
+# Image File Execution Options Injection
 
 ## Execution
 
