Initial Access
Password Spraying Attack - https://github.com/praetorian-inc/trident
An Office365 User Attack Tool - https://github.com/optiv/Go365
Social Engineering Attack:
Phishing Toolkit
Gophish - https://github.com/gophish/gophish #Phishing framework
Evilginx - https://github.com/kgretzky/evilginx2 # 2FA authentication bypass and MITM-based attack.
AiTM (adversary-in-the-middle) phishing sites # Business email compromise
Browser In The Browser (BITB) Templates
Phishing Techniques:
Normal phishing - A trap email sent broadly, without targeting a specific person or group.
Spear Phishing
Smishing
Vishing
Tips & unusual procedure:
LLMNR to Domain Admin
Kerberoasting
Kerberoasting is an attack that abuses the Kerberos protocol to harvest password hashes for Active Directory user accounts with servicePrincipalName (SPN) values — i.e., service accounts.
A user is allowed to request a ticket-granting service (TGS) ticket for any SPN, and parts of the TGS may be encrypted with RC4 using the password hash of the service account that is assigned the requested SPN as the key. Therefore, an adversary who is able to steal TGS tickets (either from memory or by capturing them by sniffing network traffic) can extract the service account’s password hash and attempt an offline brute force attack to obtain the plaintext password.
Theory Explanation - https://www.crowdstrike.com/cybersecurity-101/kerberoasting/
-- https://www.hackingarticles.in/deep-dive-into-kerberoasting-attack/
Attack Tutorial - https://r3dbuck3t.notion.site/Kerberoasting-Service-Accounts-7a8de9de43aa43fb9f9c7b97bf98227f
-- https://www.netwrix.com/cracking_kerberos_tgs_tickets_using_kerberoasting.html
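A defender-side view of the RC4 ticket requests described above, as an added example that is not part of the original notes: it scans Windows Security event 4769 records (a Kerberos service ticket was requested) for accounts that request RC4-encrypted (0x17) tickets for several distinct service accounts within a short window. The record layout, the sample events, and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # Kerberos etype 23, as recorded in event 4769

def _ev(time, account, service, etype):
    # Assumed record layout: a minimal subset of event 4769 fields.
    return {"event_id": 4769, "time": time, "account": account,
            "service": service, "etype": etype}

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    _ev("2024-05-01T10:00:01", "alice@CORP.EXAMPLE", "svc_sql", "0x17"),
    _ev("2024-05-01T10:00:03", "alice@CORP.EXAMPLE", "svc_web", "0x17"),
    _ev("2024-05-01T10:00:04", "alice@CORP.EXAMPLE", "FILESRV01$", "0x17"),
    _ev("2024-05-01T10:00:06", "alice@CORP.EXAMPLE", "svc_backup", "0x17"),
    _ev("2024-05-01T10:02:00", "bob@CORP.EXAMPLE", "svc_sql", "0x12"),
    _ev("2024-05-01T10:03:00", "carol@CORP.EXAMPLE", "svc_legacy", "0x17"),
    _ev("2024-05-01T09:00:00", "dave@CORP.EXAMPLE", "svc_sql", "0x17"),
    _ev("2024-05-01T11:00:00", "dave@CORP.EXAMPLE", "svc_web", "0x17"),
    _ev("2024-05-01T13:00:00", "dave@CORP.EXAMPLE", "svc_backup", "0x17"),
]

def find_rc4_ticket_bursts(events, window=timedelta(minutes=5), min_services=3):
    """Map each account to the user-backed services it requested RC4 tickets
    for, when at least min_services distinct ones fall inside one window."""
    per_account = defaultdict(list)
    for ev in events:
        if ev["event_id"] != 4769 or ev["etype"].lower() != RC4_HMAC:
            continue  # AES tickets and other event types are out of scope
        service = ev["service"]
        if service.endswith("$") or service.lower() == "krbtgt":
            continue  # machine accounts and krbtgt have long random keys
        per_account[ev["account"]].append(
            (datetime.fromisoformat(ev["time"]), service))

    flagged = {}
    for account, requests in per_account.items():
        requests.sort()
        start = 0
        for end in range(len(requests)):
            # Slide the window start forward until it spans <= window.
            while requests[end][0] - requests[start][0] > window:
                start += 1
            services = {name for _, name in requests[start:end + 1]}
            if len(services) >= min_services:
                flagged.setdefault(account, set()).update(services)
    return {account: sorted(names) for account, names in flagged.items()}
```

In the sample, only the account that requests three RC4 tickets within seconds is flagged; the single legacy RC4 request, the AES request, and the requests spread over hours are not.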
password cracking:
https://hackingvision.com/2020/03/27/hashcat-rule-based-attack/ - hashcat rule-based attack with the rockyou.txt wordlist.
Responder
Inveigh:
Latest tutorial: https://www.netspi.com/blog/technical/network-penetration-testing/inveigh-whats-new-in-version-1-4/
https://www.a2secure.com/en/blog/how-to-use-responder-to-capture-netntlm-and-grab-a-shell/