# Windows
- Windows Threat Protection
- File Parasitism: Practical Applications of NTFS File Streams
- Summary of Common Backdoor Persistence Methods on Windows
- LOLBAS
- Penetration Techniques: Deleting a Single Windows Log Entry
- Windows Forensics: Obtaining and Clearing File Execution Records
- Getting DNS Client Cached Entries with CIM/WMI
- Windows Single-Host Persistence
- Dumping RDP Credentials
# Domain Penetration
- Bypassing the Limit on Failed Domain Account Logon Attempts
- Domain Penetration Summary
- got domain admin on internal network
- Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques
- Domain Penetration Study Notes
- QOMPLX Knowledge: Fundamentals of Active Directory Trust Relationships
- Kerberos Golden Tickets Explained in Detail
- DCShadow explained: A technical deep dive into the latest AD attack technique
- Active Directory Security
- Kerberos AD Attacks Kerberoasting
- Kerberos: Delegation Attacks Within a Domain
- adsec An introduction to Active Directory security
- Attacking Active Directory
- Certified Pre-Owned Abusing Active Directory Certificate Services
- Microsoft Advanced Threat Analytics
# Privilege Escalation
- Windows Internal Network Penetration and Privilege Escalation
- UACMe Defeating Windows User Account Control
# Protocols
- DCE/RPC
- The dark side of Microsoft Remote Procedure Call protocols
# RedTeam
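# Internal Network
- Internal Network Security Checks
- What I Know About Internal Network Penetration
- Learning Internal Network Penetration from Scratch
- Penetration Techniques: Downloading Installation Files from GitHub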
- An introduction to privileged file operation abuse on Windows
- Script-Based Persistence Tips
# Cobalt Strike
- Cobalt Strike Series Notes
- Penetration Tool Cobalt Strike, Part 2: APT-Level Comprehensive AV Evasion Versus Enterprise Defense-in-Depth Systems