参考链接
========================================

Windows
----------------------------------------
- `Windows 威胁防护 <https://docs.microsoft.com/zh-cn/windows/security/threat-protection/>`_
- `文件寄生 NTFS文件流实际应用 <https://gh0st.cn/archives/2017-03-29/1>`_
- `Windows中常见后门持久化方法总结  <https://xz.aliyun.com/t/6461>`_
- `LOLBAS <https://lolbas-project.github.io/#>`_
- `渗透技巧——Windows单条日志的删除 <https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-Windows%E5%8D%95%E6%9D%A1%E6%97%A5%E5%BF%97%E7%9A%84%E5%88%A0%E9%99%A4/>`_
- `windows取证 文件执行记录的获取和清除  <https://xz.aliyun.com/t/7155>`_
- `Getting DNS Client Cached Entries with CIM/WMI <https://www.darkoperator.com/blog/2020/1/14/getting-dns-client-cached-entries-with-cimwmi>`_
- `Windows单机Persistence <https://lengjibo.github.io/Persistence/>`_
- `Dumping RDP Credentials <https://pentestlab.blog/2021/05/24/dumping-rdp-credentials/>`_

域渗透
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `绕过域账户登录失败次数的限制 <https://nosec.org/home/detail/2510.html>`_
- `域渗透总结 <https://mp.weixin.qq.com/s?__biz=Mzg3NzE5OTA5NQ==&mid=2247483807&idx=1&sn=59be50aa5cc735f055db596269a857ce>`_
- `got domain admin on internal network <https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa>`_
- Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques <http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating%20Pass-the-Hash%20(PtH)%20Attacks%20and%20Other%20Credential%20Theft%20Techniques_English.pdf>`_
- `域渗透学习笔记 <https://github.com/uknowsec/Active-Directory-Pentest-Notes>`_
- `QOMPLX Knowledge: Fundamentals of Active Directory Trust Relationships <https://qomplx.com/qomplx-knowledge-fundamentals-of-active-directory-trust-relationships/>`_
- `Kerberos的黄金票据详解 <https://www.cnblogs.com/backlion/p/8127868.html>`_
- `DCShadow explained: A technical deep dive into the latest AD attack technique <https://blog.alsid.eu/dcshadow-explained-4510f52fc19d>`_
- `Active Directory Security <https://adsecurity.org>`_
- `Kerberos AD Attacks Kerberoasting <https://blog.xpnsec.com/kerberos-attacks-part-1/>`_
- `Kerberos之域内委派攻击 <https://xz.aliyun.com/t/7517>`_
- `adsec <https://github.com/cfalta/adsec>`_ An introduction to Active Directory security
- `Attacking Active Directory <https://zer1t0.gitlab.io/posts/attacking_ad/>`_
- `Certified Pre-Owned Abusing Active Directory Certificate Services <https://www.specterops.io/assets/resources/Certified_Pre-Owned.pdf>`_
- `Microsoft Advanced Threat Analytics <https://docs.microsoft.com/zh-cn/advanced-threat-analytics/what-is-ata>`_

权限提升
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `Windows内网渗透提权 <https://www.freebuf.com/articles/system/114731.html>`_
- `UACMe <https://github.com/hfiref0x/UACME>`_ Defeating Windows User Account Control

协议
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- `DEC/RPC <https://github.com/dcerpc/dcerpc>`_
- `The dark side of Microsoft Remote Procedure Call protocols <https://redcanary.com/blog/msrpc-to-attack/>`_

RedTeam
----------------------------------------
- `RedTeamManual <https://github.com/klionsec/RedTeamManual>`_

内网
----------------------------------------
- `内网安全检查 <https://xz.aliyun.com/t/2354>`_
- `我所知道的内网渗透 <https://www.anquanke.com/post/id/92646>`_
- `从零开始内网渗透学习 <https://github.com/l3m0n/pentest_study>`_
- `渗透技巧 从Github下载安装文件 <https://xz.aliyun.com/t/1649/>`_
- `An introduction to privileged file operation abuse on Windows <https://offsec.provadys.com/intro-to-file-operation-abuse-on-Windows.html>`_
- `脚本维权tips <https://xz.aliyun.com/t/4522>`_

Cobalt Strike
----------------------------------------
- `Cobalt Strike 系列笔记 <http://blog.leanote.com/post/snowming/Cobalt-Strike>`_
- `渗透利器Cobalt Strike 第2篇 APT级的全面免杀与企业纵深防御体系的对抗 <https://xz.aliyun.com/t/4191>`_