# Red Teaming and Malware Analysis

- [About](https://gitbook.seguranca-informatica.pt/master.md)
- [Cheat Sheet](https://gitbook.seguranca-informatica.pt/cheat-sheet-1.md)
- [Web](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web.md)
- [Misc](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/misc.md)
- [File Upload bypass](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/file-upload-bypass.md)
- [Authentication bypass](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/authentication-bypass.md)
- [SQL Injection](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/sql-injection.md)
- [XSS](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/xss.md)
- [XXE](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/xxe.md)
- [Reverse-shell](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/reverse-shell.md)
- [Webshell](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/webshell.md)
- [(De)Serialization](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/web/serialization.md)
- [Active Directory](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/active-directory.md)
- [Services by port](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port.md)
- [Enum](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port/enum.md)
- [5060 - SIP](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port/5060-sip.md)
- [25 - SMTP](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port/25-smtp.md)
- [135 - RPC](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port/135-rpc.md)
- [445 - SMB](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port/445-smb.md)
- [11211 - PHPMemCached](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port/11211-phpmemcached.md)
- [ldap](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/services-by-port/ldap.md)
- [Hardening](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/hardening.md)
- [Stigs / Compliance & Benchmarks](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/hardening/stigs-compliance-and-benchmarks.md)
- [Stuff](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/stuff.md)
- [Basic tips/scripts](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/stuff/basic-tips-scripts.md)
- [OpenBSD & NetBSD](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/stuff/netbsd.md)
- [File Transfer](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/stuff/file-transfer.md)
- [Pivoting](https://gitbook.seguranca-informatica.pt/cheat-sheet-1/stuff/pivoting.md)
- [Active Directory 101](https://gitbook.seguranca-informatica.pt/active-directory-cheat-sheet.md)
- [Dumping Active Directory DNS using adidnsdump](https://gitbook.seguranca-informatica.pt/active-directory-cheat-sheet/dumping-active-directory-dns-using-adidnsdump.md)
- [PrintNightmare](https://gitbook.seguranca-informatica.pt/active-directory-cheat-sheet/printnightmare.md)
- [From DFSCoercer to DA](https://gitbook.seguranca-informatica.pt/active-directory-cheat-sheet/from-dfscoercer-to-da.md)
- [Fuzzing and Web](https://gitbook.seguranca-informatica.pt/fuzzing-and-web.md)
- [Server Side Template Injection (SSTI)](https://gitbook.seguranca-informatica.pt/fuzzing-and-web/server-side-template-injection-ssti.md): How to explore Server Side Template Injection (SSTI) vulnerabilities.
- [Finding SSRF (all scope)](https://gitbook.seguranca-informatica.pt/fuzzing-and-web/finding-ssrf-all-scope.md)
- [Format String Exploitation](https://gitbook.seguranca-informatica.pt/fuzzing-and-web/format-string.md): Exploiting format string flaws.
- [Cache Poisoning using Nuclei](https://gitbook.seguranca-informatica.pt/fuzzing-and-web/cache-poisoning-using-nuclei.md): Discovering cache poisoning vulnerabilities using nuclei.
- [Initial Foothold](https://gitbook.seguranca-informatica.pt/untitled.md)
- [Browser In The Browser (BITB) Attack](https://gitbook.seguranca-informatica.pt/untitled/browser-in-the-browser-bitb-attack.md): The content of this page is directly retrieved from the original publication.
- [Phishing with Office](https://gitbook.seguranca-informatica.pt/untitled/phishing-with-office.md)
- [Weaponizing XLM 4.0 macros](https://gitbook.seguranca-informatica.pt/untitled/phishing-with-office/pwning-xlm-4.0-macros-+-c2.md)
- [Privilege Escalation (Privesc)](https://gitbook.seguranca-informatica.pt/privilege-escalation-privesc.md)
- [AV/EDR Bypass](https://gitbook.seguranca-informatica.pt/privilege-escalation-privesc/av-edr-bypass.md)
- [Bypass AV/EDR using Safe Mode](https://gitbook.seguranca-informatica.pt/privilege-escalation-privesc/av-edr-bypass/bypass-av-edr-using-safe-mode.md): Bypass AV/EDR using Safe Mode during your Red Teaming experiments.
- [Resources](https://gitbook.seguranca-informatica.pt/privilege-escalation-privesc/av-edr-bypass/resources.md)
- [UAC bypass](https://gitbook.seguranca-informatica.pt/privilege-escalation-privesc/uac-bypass.md)
- [Process migration like meterpreter](https://gitbook.seguranca-informatica.pt/privilege-escalation-privesc/process-migration-like-meterpreter.md)
- [Lateral Movement (Pivoting)](https://gitbook.seguranca-informatica.pt/lateral-movement-pivoting.md)
- [From Windows VPN + Kali VPN + DC](https://gitbook.seguranca-informatica.pt/lateral-movement-pivoting/from-windows-vpn-+-kali-vpn-+-dc.md): In this scenario, I will demonstrate how I can get connectivity to the Domain Controller via a local Windows machine + access a KALI with VPN and finally the Domain Controller.
- [By using Proxifier](https://gitbook.seguranca-informatica.pt/lateral-movement-pivoting/from-windows-vpn-+-kali-vpn-+-dc/by-using-proxifier.md)
- [Persistence](https://gitbook.seguranca-informatica.pt/persistence.md)
- [Command and Control (C\&C)](https://gitbook.seguranca-informatica.pt/command-and-control-c-and-c.md)
- [CobaltStrike 101](https://gitbook.seguranca-informatica.pt/command-and-control-c-and-c/cobaltstrike-101.md)
- [Pivoting DMZ: weevely + ngrok + CS Pivot COMBO via Linux](https://gitbook.seguranca-informatica.pt/command-and-control-c-and-c/cobaltstrike-101/weevely-webshell-+-ngrok-+-cs-pivot-+-linux.md): Pivoting internally over DMZs using weevely + ngrok + CobaltStrike COMBO via a Linux machine
- [Extras + Plugins](https://gitbook.seguranca-informatica.pt/command-and-control-c-and-c/cobaltstrike-101/extras.md)
- [Resources](https://gitbook.seguranca-informatica.pt/command-and-control-c-and-c/cobaltstrike-101/resources.md)
- [Data Exfiltration](https://gitbook.seguranca-informatica.pt/credentials-exfiltration.md)
- [Extracting certs/private keys from Windows using mimikatz and intercepting calls with burpsuite](https://gitbook.seguranca-informatica.pt/credentials-exfiltration/extracting-certs-private-keys-from-windows-using-mimikatz-and-intercepting-calls-with-burpsuite.md): Extracting certs/private keys from certificates that disable private key exporting and use BurpSuite to intercept the requests.
- [Doppelganger: Cloning and Dumping LSASS (Win11)](https://gitbook.seguranca-informatica.pt/credentials-exfiltration/doppelganger-cloning-and-dumping-lsass-win11.md)
- [Recovery lsass.dmp from Defender Quarantine](https://gitbook.seguranca-informatica.pt/credentials-exfiltration/recovery-lsass.dmp-from-defender-quarantine.md): Decrypt Windows Defender quarantined files using Microsoft’s RC4 algorithm
- [CVE & Exploits / CTF](https://gitbook.seguranca-informatica.pt/cve-and-exploits.md)
- [Privilege Escalation](https://gitbook.seguranca-informatica.pt/cve-and-exploits/privilege-escalation.md)
- [Serialization](https://gitbook.seguranca-informatica.pt/cve-and-exploits/serialization.md)
- [CVEs](https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves.md): My submitted CVEs.
- [CHIYU IoT devices](https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chiyu-iot-devices.md): Vulnerabilities found on IoT devices from CHIYU.
- [Chamilo-lms-1.11.x - From XSS to account takeover && backdoor implantation](https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities.md): Set of vulnerabilities found on the Chamilo-lms-1.11.x version.
- [CVE - Submission Guides](https://gitbook.seguranca-informatica.pt/cve-and-exploits/cve-submission-guides.md): Everything you need to know about the MITRE CVE program and your CVE requests.
- [Tools](https://gitbook.seguranca-informatica.pt/tools.md)
- [Intel](https://gitbook.seguranca-informatica.pt/tools/intel.md)
- [OSINT](https://gitbook.seguranca-informatica.pt/tools/osint.md)
- [DNS](https://gitbook.seguranca-informatica.pt/tools/dns.md)
- [WEB](https://gitbook.seguranca-informatica.pt/tools/web-and-and-dns.md)
- [API and WS Hacking](https://gitbook.seguranca-informatica.pt/tools/web-and-and-dns/api-and-ws-hacking.md)
- [Web Discovery](https://gitbook.seguranca-informatica.pt/tools/web-and-and-dns/web-discovery.md)
- [Web Fuzzing](https://gitbook.seguranca-informatica.pt/tools/web-and-and-dns/web-fuzzing.md)
- [Path Traversal](https://gitbook.seguranca-informatica.pt/tools/web-and-and-dns/path-traversal.md)
- [GraphQL](https://gitbook.seguranca-informatica.pt/tools/web-and-and-dns/graphql.md)
- [JWT](https://gitbook.seguranca-informatica.pt/tools/web-and-and-dns/jwt.md)
- [Infrastructure and Network](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network.md)
- [Scan and Discovery](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/scan-and-discovery.md)
- [Network mapper](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/scan-and-discovery/network-mapper.md)
- [Automated Scanners](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/automated-scanners.md)
- [Misc](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/misc.md)
- [Active Directory](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/active-directory.md)
- [Burpsuite with Kerberos Auth](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/active-directory/burpsuite-with-kerberos-auth.md)
- [Cloud & Azure](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/cloud-and-azure.md)
- [Command and Control (C\&C)](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/command-and-control-c-and-c.md)
- [(De)serialization](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/de-serialization.md)
- [Lateral Movement](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/lateral-movement.md)
- [Powershell](https://gitbook.seguranca-informatica.pt/tools/infrastructure-and-network/powershell.md)
- [Privilege Escalation](https://gitbook.seguranca-informatica.pt/tools/privilege-escalation.md)
- [Exfiltration](https://gitbook.seguranca-informatica.pt/tools/exfiltration.md)
- [Persistence](https://gitbook.seguranca-informatica.pt/tools/persistence.md)
- [Password & Cracking](https://gitbook.seguranca-informatica.pt/tools/password-and-cracking.md)
- [Wordlists](https://gitbook.seguranca-informatica.pt/tools/password-and-cracking/wordlists.md)
- [Tips](https://gitbook.seguranca-informatica.pt/tools/password-and-cracking/tips.md)
- [Rainbow Crackalack](https://gitbook.seguranca-informatica.pt/tools/password-and-cracking/rainbow-crackalack.md)
- [Static Code Analysis](https://gitbook.seguranca-informatica.pt/tools/static-code-analysis.md)
- [Reporting](https://gitbook.seguranca-informatica.pt/tools/reporting.md)
- [Resources](https://gitbook.seguranca-informatica.pt/resources.md)
- [Pwnage](https://gitbook.seguranca-informatica.pt/pwnage.md)
- [WiFi](https://gitbook.seguranca-informatica.pt/pwnage/wifi.md)
- [HOSTAPD-WPE](https://gitbook.seguranca-informatica.pt/pwnage/wifi/hostapd-wpe.md)
- [Rogue APP](https://gitbook.seguranca-informatica.pt/pwnage/wifi/rogue-app.md)
- [WPA3 Downgrade attack](https://gitbook.seguranca-informatica.pt/pwnage/wifi/wpa3-downgrade-attack.md)
- [NRF](https://gitbook.seguranca-informatica.pt/pwnage/nrf.md)
- [rubber ducky](https://gitbook.seguranca-informatica.pt/pwnage/rubber-ducky.md)
- [Unpacking](https://gitbook.seguranca-informatica.pt/unpacking.md)
- [Basic tips](https://gitbook.seguranca-informatica.pt/basic-tips.md)
- [Malware instrumentation with frida](https://gitbook.seguranca-informatica.pt/binary-instrumentation-with-frida.md)
- [Tools](https://gitbook.seguranca-informatica.pt/tools-1.md)
- [Debuggers / Disassemblers](https://gitbook.seguranca-informatica.pt/tools-1/debuggers-disassemblers.md)
- [Decompilers](https://gitbook.seguranca-informatica.pt/tools-1/decompilers.md)
- [Detection and Classification](https://gitbook.seguranca-informatica.pt/tools-1/detection-and-classification.md)
- [Deobfuscation](https://gitbook.seguranca-informatica.pt/tools-1/deobfuscation.md)
- [Debugging and Reverse Engineering](https://gitbook.seguranca-informatica.pt/tools-1/debugging-and-reverse-engineering.md)
- [Memory](https://gitbook.seguranca-informatica.pt/tools-1/memory.md)
- [File Analysis](https://gitbook.seguranca-informatica.pt/tools-1/file-analysis.md)
- [Emulators](https://gitbook.seguranca-informatica.pt/tools-1/emulators.md)
- [Network Traffic Analysis](https://gitbook.seguranca-informatica.pt/tools-1/network-traffic-analysis.md)
- [Other](https://gitbook.seguranca-informatica.pt/tools-1/other.md)
- [Online Tools](https://gitbook.seguranca-informatica.pt/tools-1/online-tools.md)
- [Resources](https://gitbook.seguranca-informatica.pt/resources-1.md)
- [DFIR FTK Imager](https://gitbook.seguranca-informatica.pt/resources-1/dfir-ftk-imager.md)
- [Convert IP Range into CIDR](https://gitbook.seguranca-informatica.pt/resources-1/convert-ip-range-into-cidr.md)
- [Parsing Large Raw Files and Excluding Country IP Address Ranges](https://gitbook.seguranca-informatica.pt/resources-1/parsing-large-raw-files-and-excluding-country-ip-address-ranges.md): With this script we can analyze raw logs, extract IP addresses from a specific country and then analyze the rest of the log.
- [Windows Logs Automation](https://gitbook.seguranca-informatica.pt/resources-1/windows-logs-automation.md)
- [amcache.hve](https://gitbook.seguranca-informatica.pt/resources-1/windows-logs-automation/amcache.hve.md)
- [Windows EventViewer Analysis | DFIR](https://gitbook.seguranca-informatica.pt/resources-1/windows-eventviewer-analysis-or-dfir.md)
- [Prevent Windows shutdown after license expire](https://gitbook.seguranca-informatica.pt/resources-1/prevent-windows-shutdown-after-license-expire.md)
- [Firewall raw Logs](https://gitbook.seguranca-informatica.pt/resources-1/firewall-raw-logs.md): Finding malicious IP addresses in raw logs.
- [Tools](https://gitbook.seguranca-informatica.pt/mobile/tools.md)
- [Reverse iOS ipa](https://gitbook.seguranca-informatica.pt/mobile/reverse-ios-ipa.md)
- [Jailbreak](https://gitbook.seguranca-informatica.pt/mobile/reverse-ios-ipa/jailbreak.md)
- [Install Frida iPhone 5S](https://gitbook.seguranca-informatica.pt/mobile/reverse-ios-ipa/install-frida-iphone-5s-+-ios-11.md)
- [Frida instrumentation](https://gitbook.seguranca-informatica.pt/mobile/reverse-ios-ipa/frida-instrumentation.md)
- [Resources / Extra features](https://gitbook.seguranca-informatica.pt/mobile/reverse-ios-ipa/resources.md)
- [Reverse Android APKs](https://gitbook.seguranca-informatica.pt/mobile/reverse-android-apks.md)
- [Android Dynamic Analysis](https://gitbook.seguranca-informatica.pt/mobile/reverse-android-apks/android-dinamic-analysis.md)
- [Bypass root + Frida](https://gitbook.seguranca-informatica.pt/mobile/reverse-android-apks/bypass-root-+-frida.md): Bypass Android root protection with frida.
- [SSL unpinning frida + Fiddler/Burp](https://gitbook.seguranca-informatica.pt/mobile/reverse-android-apks/ssl-unpining-frida-+-fiddler-burp.md)
- [Backdooring/patch APKs](https://gitbook.seguranca-informatica.pt/mobile/reverse-android-apks/backdooring-patch-apks.md)
- [Basic tips](https://gitbook.seguranca-informatica.pt/mobile/basic-tips.md)
- [Resources](https://gitbook.seguranca-informatica.pt/mobile/resources.md)
- [Basic tips](https://gitbook.seguranca-informatica.pt/arm/basic-tips.md)
- [Repair NTFS dirty disks](https://gitbook.seguranca-informatica.pt/arm/basic-tips/repair-ntfs-dirty-disks.md)
- [Reverse IoT devices](https://gitbook.seguranca-informatica.pt/arm/reverse-iot-devices.md)
- [Reverse TP-Link Router TL-WR841N](https://gitbook.seguranca-informatica.pt/arm/reverse-iot-devices/reverse-tp-link-router-tl-wr841n.md): How to start reversing IoT firmware.
- [Reverse Trendnet TS-S402 firmware](https://gitbook.seguranca-informatica.pt/arm/reverse-iot-devices/reverse-trendnet-ts-s402-firmware.md): Start reversing the Trendnet TS-S402 device firmware.
- [Full emulate Netgear WNAP320](https://gitbook.seguranca-informatica.pt/arm/reverse-iot-devices/full-emulate-netgear-wnap320.md): In this article we are going to fully emulate the Netgear WNAP320 router.
- [Reverse ASUS RT-AC5300](https://gitbook.seguranca-informatica.pt/arm/reverse-iot-devices/reverse-asus-rt-ac5300.md)
- [Reverse LinkOne devices](https://gitbook.seguranca-informatica.pt/arm/reverse-iot-devices/reverse-linkone-devices.md)
- [Tools](https://gitbook.seguranca-informatica.pt/arm/tools.md)
- [Qemu + buildroot 101](https://gitbook.seguranca-informatica.pt/arm/tools/qemu-101.md)
- [Kernel](https://gitbook.seguranca-informatica.pt/arm/tools/kernel.md)
- [Resources](https://gitbook.seguranca-informatica.pt/arm/resources.md)