012 ⚔️ Red Team & Offensive Security MOC
- Methodology: Red Teaming, Purple Teaming, Threat Emulation, Cyber Kill Chain, Unified Kill Chain, Pyramid of Pain, MITRE ATT&CK, TTPs (Tactics, Techniques, Procedures), TIBER-EU Framework, Penetration Testing Report
- Threat Actors: FIN7
- Reconnaissance: Passive Reconnaissance, Active Reconnaissance, Open Source Intelligence (OSINT), Google Dorking, Shodan Dorking, Social Engineering, Web Crawler, robots.txt, Sitemap
- Recon Tools: WHOIS, nslookup, Domain Information Groper (dig), DNSDumpster, Shodan, Ping, Traceroute, Telnet, Netcat (nc), Banner Grabbing, Favicon Hash, ExifTool, GitHub OSINT, WiGLE
- Weaponization & Delivery: Exploit Kit, Phishing, Malvertising, Smishing, Payload
- Exploitation: Exploit, Zero-Day Exploit, EternalBlue, CVE-2017-0144, WannaCry, ALPHV, Moniker Link (CVE-2024-21413), Shadow Brokers, Buffer Overflow
- Post-Exploitation: Persistence (Cyber Security), Lateral Movement, Web Shell, Living off the Land (LOLBAS), Privilege Escalation, Steganography
- C2 & Evasion: Command and Control (C2), Domain Generation Algorithm (DGA), Fast Flux, DNS Tunneling
- The Metasploit Framework: Metasploit, Metasploit Framework, Metasploit Console, Metasploit Modules, Meterpreter, RHOSTS, LHOST
- Password Attacks: Password Cracking, Brute-force, Dictionary Attacks, Hydra, John the Ripper, fcrackzip, pdfcrack