⚙️CRTP Methodology
This methodology is intended to help you stay focused and not miss anything during the exam.
CRTP is about living off the land: no phishing, no exploits, and no CVEs.
The exam environment won't include any tools, but we can add the tools we need to a specific folder that is added to the Windows Defender exclusion settings.
What you have learned in the course is everything you need in order to pass the exam.
The exam goal is to execute OS commands on 5 targets, no matter what privileges the user has.
Enumerate the PowerShell language mode -
If the language mode is constrained, try to bypass it using PS v2 or
Bypass AMSI in every new PowerShell session -
Can also be used
Check our privileges using whoami /all
- Unquoted Service
- Modifiable Service File
- Modifiable Service
Once we are local admin, use credential dumping to find other users' logons.
It is better to write down the interesting ACLs, as they might be useful later.
BloodHound is very useful for visualizing ACLs.
Start to build up a mind map of attack paths:
- Domain
- Domain Controller
- Users
- Computers
- Domain and Enterprise Administrators
- OUs
- GPOs
- SPNs
Understand trusts and map them between the domains.
Delegations - search for delegations.
Abusing ACLs can lead to:
- Reset user password
Credential dumping after getting admin privileges, then moving inside the domain using Over-Pass-the-Hash, then spawning a PowerShell session using WinRM.
Trusts - after abusing trust keys or the krbtgt of a trusted domain, it is possible to abuse the other forest using an inter-realm TGT.
Use and discover the vectors:
- Hunt for local admin access