📚【MOC】活动目录
1. MOC
📂 未分类
| 📄 文件名15 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 钻石票据&蓝宝石票据 | 2025-03-14 21:19 | #AD域, #内网安全, #黄金票据, #白银票据, #钻石票据, #蓝宝石票据, #小迪安全学习笔记 |
| CDN绕过技巧 | 2025-03-14 21:19 | #CDN, #信息收集 |
| CTF中各种花式绕过 | 2025-03-14 21:19 | #ctf, #Bypass |
| HasSession | 2025-03-14 21:19 | #HasSession, #域渗透, #Bloodhound分析 |
| SIDHistory | 2025-03-14 21:19 | #域渗透 |
| Bypass rbash | 2025-03-14 21:19 | #rbash, #shell |
| Redis dll劫持 | 2025-03-14 21:19 | #dll劫持 |
| SeLoadDriverPrivilege | 2025-03-14 21:19 | #SeLoadDriverPrivilege, #windows提权 |
| 代理池搭建与爆破 | 2025-03-14 21:19 | #隧道代理, #代理池, #爆破 |
| 默认受保护组 | 2025-03-14 21:19 | #默认受保护组 |
| 水坑攻击 | 2025-04-27 22:29 | #水坑攻击, #权限维持 |
| SNMP利用 | 2025-08-04 23:38 | #SNMP |
| 【收集】 | 2025-09-21 00:06 | #input |
| AD域环境搭建 | 2026-01-25 19:30 | #环境搭建 |
| Active Directory Overview | 2026-03-06 23:27 | #AD |
📁 6-补充
| 📄 文件名20 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 1.LSA、SAM、NTDS区别 | 2025-06-26 18:46 | #渗透姿势库 |
| 2.活动目录 | 2025-06-28 13:03 | #AD域 |
| kerberos web Authentication | 2025-10-01 19:59 | #kerberos, #web |
| firefox 配置 negotiate-auth | 2025-10-01 20:24 | #negotiate-auth, #kerberos, #firefox |
| SPN | 2025-10-12 20:58 | #SPN |
| evil-winrm | 2025-10-24 23:26 | #winRM |
| evil-winrm-py | 2025-10-24 23:51 | #evil-winrm |
| Windows Permission Inheritance | 2025-10-26 01:40 | #windows, #DACL, #inhertance |
| Volume Shadow Copies | 2025-10-28 00:29 | #SecretsDump, #VolumeShadowCopies |
| WSL | 2025-11-01 01:47 | #WSL |
| Erlang | 2025-11-02 22:31 | #erlang, #EPMD |
| NTFS隐写 | 2025-11-19 23:24 | #MISC, #NTFS隐写 |
| GPP Password | 2025-11-20 00:05 | #GPP_Password |
| Microsoft Access | 2025-11-22 00:08 | |
| Linux SSSD | 2026-01-04 23:43 | #LInux_SSSD, #krb5_keytab |
| pyc poisoning | 2026-01-13 14:13 | #PYC_Poisoning, #权限维持 |
| Shell Arithmetic Command Injection | 2026-01-13 14:26 | #Command_Injection, #shell |
| Python exploit | 2026-01-14 22:49 | #python, #hijacking, #pyc, #PYC_Poisoning |
| 如何把本地计算机加入域 | 2026-01-16 20:35 | #AD域 |
| LSASS | 2026-04-19 17:30 | #LSA, #LSASS, #凭证转储 |
📁 7-sudo提权
| 📄 文件名2 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 1.Mosh | 2025-08-05 00:25 | #Mosh |
| 2.npbackup-cli | 2025-08-20 00:12 | #npbackup-cli |
📁 ADCS
| 📄 文件名9 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| ADCS介绍 | 2025-03-14 21:19 | #域渗透, #证书, #ADCS |
| 1.Certificate templates | 2025-05-25 23:58 | |
| 2.Certificate authority(CA) | 2025-05-25 23:59 | |
| 3.Access controls(访问控制) | 2025-05-25 23:59 | |
| 4.Unsigned endpoints(未签名端点) | 2025-05-26 00:00 | |
| Certifried | 2025-05-26 00:01 | |
| 【MOC】ADCS | 2026-03-10 12:37 | #moc, #ADCS |
| ADCS Enumeration | 2026-03-10 15:31 | #ADCS |
| 证书映射 | 2026-04-21 22:24 | #证书映射, #ADCS |
📁 ADCS/ESC
| 📄 文件名12 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| ESC16 | 2025-05-26 00:03 | #ADCS, #ESC16 |
| ESC15 | 2025-06-27 19:52 | #ADCS, #ESC15 |
| ESC14 | 2025-07-08 11:18 | #ADCS, #ESC14 |
| ESC10 | 2025-07-21 17:12 | #ESC10, #ADCS |
| ESC4 | 2025-10-13 17:00 | #ESC4, #ADCS |
| ESC5 | 2025-10-13 17:00 | #ESC5, #ADCS |
| ESC6 | 2025-10-13 17:04 | #ESC6, #ADCS |
| ESC7 | 2025-10-13 17:04 | #ESC7, #ADCS |
| ESC8 | 2025-10-13 17:04 | #ADCS, #ESC8 |
| ESC11 | 2025-10-13 17:06 | #ESC11, #ADCS |
| ESC17 | 2026-04-19 23:41 | #input |
| ESC13 | 2026-04-26 11:52 | #ESC13, #ADCS |
📁 ADCS/ESC/滥用证书模板
| 📄 文件名4 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| ESC3 | 2025-06-25 15:31 | #ESC3, #ADCS |
| ESC9 | 2025-07-07 23:04 | #ADCS, #ESC9 |
| ESC1 | 2025-08-08 00:19 | #ESC1, #ADCS, #SAN |
| ESC2 | 2025-10-13 16:55 | #ESC2, #ADCS |
📁 DC-Vuln
| 📄 文件名4 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| NoPAC | 2026-02-22 21:00 | #NoPAC, #SamAccountName_Spoofing |
| 【MOC】DC_Vuln | 2026-03-13 10:25 | #moc, #域控漏洞 |
| PrintNightmare | 2026-03-13 12:19 | #CVE, #windows提权, #CVE-2021-34527, #打印机 |
| PetitPotam | 2026-03-13 20:10 | #PetitPotam |
📁 Evasion
| 📄 文件名1 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| AppLocker | 2025-03-14 21:19 | #AppLocker, #应用程序控制策略 |
📁 LDAP
| 📄 文件名5 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| LDAP Enum | 2025-05-09 23:43 | #LDAP, #信息收集, #域渗透 |
| LDAP Anonymous Bind | 2026-03-03 00:14 | #LDAP_Anonymous_Bind |
| LDAP Signing&Channel Binding | 2026-03-03 21:07 | #LDAP |
| LDAP Overview | 2026-03-06 23:24 | #LDAP |
| 【MOC】LDAP | 2026-03-07 13:11 | #moc |
📁 Movement
| 📄 文件名4 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| PTH | 2025-03-14 21:19 | #PTH |
| WSUS | 2026-01-04 01:41 | #LPE, #WSUS |
| AutoLogon | 2026-01-27 14:47 | #AutoLogon |
| RODC | 2026-04-06 23:19 |
📁 Movement/1-Credentials
| 📄 文件名3 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| DCSync | 2025-03-14 21:19 | #域渗透, #DCSync |
| SAM & LSA secrets | 2025-03-14 21:19 | #域渗透 |
| Secrets dump | 2025-03-15 16:31 | #域渗透 |
📁 Movement/1-Credentials/1-Dumping
📁 Movement/2-MITM coerced-auths
| 📄 文件名9 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 00-MITM coerced-auths(中间人攻击与强制认证) | 2025-05-25 23:25 | #域渗透, #MITM |
| 1.arp欺骗 | 2025-05-25 23:28 | |
| 2.DNS欺骗 | 2025-05-25 23:29 | |
| 3.DHCPv6欺骗 | 2025-05-25 23:29 | |
| 4.WSUS 欺骗 | 2025-05-25 23:29 | |
| LLMNR NBT-NS mDNS Response Spoofing | 2025-05-25 23:29 | #LLMNR/NBT-NS_Resonse_spoofing, #LLMNR |
| ADIDNS poisoning | 2025-05-25 23:30 | #ADIDNS_poisoning |
| 7.WPAD欺骗 | 2025-05-25 23:30 | |
| 【MOC】MITM | 2026-03-08 19:45 | #moc |
📁 Movement/4-Kerberos
📁 Movement/4-Kerberos/Delegations
| 📄 文件名6 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| Delegations | 2025-03-25 23:08 | #约束性委派, #非约束性委派, #基于资源的约束委派, #RBCD |
| Unconstrained delegation | 2025-05-25 23:44 | #AD域, #Trusts, #UnconstrainedDelegation |
| Constrained Delegation | 2025-05-25 23:45 | #KCD, #ConstrainedDelegation, #Delegation |
| RBCD | 2025-05-25 23:46 | #RBCD, #Delegation |
| S4U2self abuse | 2025-05-25 23:46 | |
| 5.Bronze Bit | 2025-05-25 23:47 |
📁 Movement/4-Kerberos/Forged tickets
| 📄 文件名6 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| Golden Ticket | 2025-05-12 12:05 | #kerberos, #域渗透, #票据, #权限维持, #横向移动 |
| silver ticket | 2025-05-12 12:16 | #横向移动, #权限维持, #域渗透, #票据 |
| 3.钻石票据 | 2025-05-25 23:38 | |
| 4.蓝宝石票据 | 2025-05-25 23:39 | |
| RODC黄金票据 | 2025-05-25 23:40 | #RODC, #黄金票据, #RODC黄金票据, #Key_List_Attack |
| MS14-068 | 2025-05-25 23:42 | #kerberos, #trcket |
📁 Movement/5-DACL abuse
| 📄 文件名18 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| AddMember | 2025-05-25 23:55 | #AD域 |
| ForceChangePassword | 2025-05-25 23:55 | #AD域, #DACL_Abuse |
| 4.ReadLAPSPassword | 2025-05-25 23:55 | #ReadLAPSPassword |
| ReadGMSAPassword | 2025-05-25 23:55 | #gMSA |
| WriteOwner | 2025-05-25 23:56 | #DACL_Abuse, #grant-ownership, #Ownership, #WriteOwner |
| 7.Grant rights | 2025-05-25 23:56 | |
| 8.Logon script | 2025-05-25 23:56 | |
| 9.Rights on RODC object | 2025-05-25 23:56 | |
| GPOAbuse | 2025-07-07 11:43 | #GPOAbuse |
| 11.All attributes | 2025-07-20 21:34 | #attributes, #DACL_Abuse, #手动枚举 |
| GenericWrite | 2025-10-22 01:10 | #DACL_Abuse, #DACL, #GenericWrite |
| nTSecurityDescriptor | 2025-10-24 10:48 | #ACL, #windows |
| Write Dacl | 2025-10-25 01:28 | #DACL |
| UPN Spoofing | 2026-01-19 16:29 | #UPN_Spoofing, #LInux_SSSD, #kerberos, #GSSAPI, #SSPI, #DACL_Abuse |
| Write Property | 2026-03-05 21:10 | #input |
| 【MOC】DACL Abuse | 2026-03-08 19:43 | #moc, #DACL_Abuse, #DACL |
| WriteAccountRestrictions | 2026-04-06 09:51 | #input |
| Login Script | 2026-04-06 10:02 | #Login_Script, #scriptPath, #DACL_Abuse |
📁 Movement/6-Netlogon
| 📄 文件名1 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| Zerologon | 2025-05-11 22:06 | #zerologon, #横向移动, #域渗透, #netlogon |
📁 Movement/8-组策略
| 📄 文件名1 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 组策略 | 2025-05-25 23:57 |
📁 Movement/Exchange
| 📄 文件名5 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| Exchange 枚举 | 2026-03-16 18:25 | #Exchange |
| Exchange 漏洞 | 2026-03-16 22:25 | #Exchange, #ProxyShell |
| Exchange 钓鱼 | 2026-03-16 22:44 | #Exchange, #钓鱼 |
| Exchange防御 | 2026-03-16 23:05 | #Exchange |
| 【MOC】Exchange | 2026-03-17 15:00 | #moc, #Exchange |
📁 Movement/MSSQL
| 📄 文件名8 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| impacket-mssqlclient | 2025-10-08 22:21 | #impacket, #MSSQL |
| MSSQL introduciton | 2026-03-14 16:19 | #MSSQL |
| MSSQL提权 | 2026-03-15 01:39 | #MSSQL, #PrivilegeEscalation |
| MSSQL命令执行 | 2026-03-15 02:39 | #MSSQL, #OLE |
| MSSQL 横向移动 | 2026-03-16 13:45 | #MSSQL |
| PowerUpSQL | 2026-03-16 15:42 | #MSSQL, #PowerUpSQL |
| MSSQL 防御 | 2026-03-16 16:25 | |
| 【MOC】MSSQL | 2026-03-16 18:24 | #moc, #MSSQL |
📁 Movement/NTLM Relay
| 📄 文件名3 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 【MOC】NTLM Relay | 2026-03-08 19:47 | #moc, #NTLM_Relay |
| NTLM Authentication Protocol | 2026-03-10 17:25 | #input |
| NTLM Realy Introduction | 2026-03-10 20:36 | #NTLM_Relay, #NTLM_Reflection |
📁 Movement/NTLM Relay/Authentication Coercion
| 📄 文件名2 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| Farming Hashes(shares webdev mssql) | 2026-03-11 11:14 | #NTLM_Relay, #Authentication_Coercion, #ntlm_theft |
| Authentication Coercion | 2026-03-11 13:44 | #Authentication_Coercion, #NTLM_Relay |
📁 Movement/NTLM Relay/NTLM Relay Attack
| 📄 文件名7 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| NTLM Relay | 2025-03-14 21:19 | #NTLM_Relay |
| NTLM Reflection | 2025-10-14 10:34 | #CVE-2025-33073, #NTLM_Reflection |
| NTLM Relay over SMB | 2026-03-10 22:16 | #SMB, #NTLM_Relay |
| NTLMRelayx Advanced Use | 2026-03-10 23:01 | #NTLM_Relay, #ntlmrelayx |
| NTLM Cross-protocol Relay | 2026-03-10 23:34 | #NTLM_Relay, #NTLM_Cross-protocol |
| NTLM Relay Attacks Kerberos | 2026-03-11 14:36 | #NTLM_Relay, #kerberos, #RBCD, #Shadow_Credentials |
| NTLM Relay Attacks Targeting AD CS | 2026-03-11 15:09 | #ADCS, #NTLM_Relay |
📁 Movement/Remote Service
| 📄 文件名4 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 【MOC】Remote Service | 2026-03-12 16:12 | #moc, #Remote_Service |
| RDP | 2026-03-12 16:13 | #Remote_Service, #RDP |
| SMB | 2026-03-12 17:02 | #SMB |
| WMI | 2026-03-12 19:04 | #WMI, #Remote_Service |
📁 Movement/SCCM
| 📄 文件名5 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| SCCM介绍 | 2026-03-17 15:00 | #SCCM |
| SCCM利用 | 2026-03-17 22:32 | #SCCM |
| SCCM站点接管 | 2026-03-17 23:40 | #SCCM, #MSSQL, #NTLM_Relay |
| SCCM后渗透 | 2026-03-18 19:15 | #SCCM |
| SCCM防御 | 2026-03-18 19:53 | #SCCM |
📁 Movement/Trusts
| 📄 文件名4 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| AD Trusts Expliot | 2025-10-08 21:39 | #AD域, #Trusts |
| Mssql_links Abuse in AD Trusts | 2025-10-08 21:59 | #MSSQL, #Trusts |
| 【MOC】Trusts | 2026-03-07 13:34 | #moc, #域信任 |
| 防御域信任攻击 | 2026-03-09 22:31 | #Detection, #Trusts |
📁 Movement/Trusts/Cross Forest
| 📄 文件名8 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 跨林攻击-概要 | 2026-03-09 12:15 | #Trusts |
| 跨林攻击-信任账户 | 2026-03-09 15:11 | #Trusts, #Trust_Account, #PSSession, #kerberoasting |
| 跨林攻击-非约束委派 | 2026-03-09 16:21 | #Trusts, #非约束委派 |
| 跨林攻击-SID History注入 | 2026-03-09 17:38 | #SID_History, #Trusts |
| 跨林攻击-Bypass SID Filter | 2026-03-09 18:17 | #SID_Filter, #Bypass, #Trusts |
| 跨林攻击-SQL Server Links | 2026-03-09 20:12 | #MSSQL, #sqlserver, #Trusts |
| 跨林攻击-外部安全主体&ACLs | 2026-03-09 21:20 | #Trusts, #ACL, #Foreign_Security_Principals |
| 跨林攻击-PAM 信任 | 2026-03-09 22:00 | #PAM, #Trusts, #堡垒林 |
📁 Movement/Trusts/Enum
| 📄 文件名2 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| Trusts Overview | 2026-03-07 13:35 | #域信任, #Get-ADTrust |
| Trusts Enum | 2026-03-07 13:45 | #Trusts |
📁 Movement/Trusts/Intra Forest
| 📄 文件名8 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| 林内攻击-无约束委派 | 2026-03-07 17:28 | #非约束委派, #Trusts |
| 林内攻击-配置命名上下文 | 2026-03-07 17:31 | #配置命名上下文, #Trusts |
| 林内攻击-ADCS ESC1 | 2026-03-07 17:32 | #ADCS, #ESC1, #Trusts |
| 林内攻击-GPO on site Attack | 2026-03-07 17:34 | #GPOAbuse, #Trusts |
| 林内攻击-GoldenGMSA | 2026-03-07 18:43 | #GoldenGMSA, #Trusts |
| 林内攻击-DNS Trust | 2026-03-07 22:24 | #Trusts, #DNS |
| 林内攻击-Foreign Groups & ACL Principals | 2026-03-08 16:03 | #Foreign_Groups, #ACL_Principals, #Trusts |
| 林内攻击-ExtraSids Attack | 2026-03-08 18:41 | #ExtraSids, #Trusts, #HasSIDHistory |
📁 Privilege Escalation/User Rights
| 📄 文件名5 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| SeManageVolumePrivilege | 2025-06-25 09:48 | #SeManageVolumePrivilege |
| SeImpersonatePrivilege | 2025-10-13 19:16 | #SeImpersonatePrivilege, #PrivilegeEscalation, #土豆提权 |
| SeBackupPrivilege | 2025-10-13 19:19 | #SeBackupPrivilege, #PrivilegeEscalation |
| SeEnableDelegationPrivilege | 2025-10-13 23:40 | #SeEnableDelegationPrivilege, #PrivilegeEscalation, #Delegation |
| SeAssignPrimaryTokenPrivilege | 2025-12-28 22:12 | #input |
📁 Reconnaissance
| 📄 文件名18 | 📅 创建时间 | 🏷️ 标签 |
|---|---|---|
| Domain Recon | 2025-05-09 23:41 | #信息收集, #内网安全, #域渗透 |
| DHCP | 2025-05-09 23:42 | #DHCP, #信息收集, #域渗透 |
| DNS | 2025-05-09 23:43 | #信息收集, #域渗透, #DNS |
| NBT-NS | 2025-05-09 23:43 | #信息收集, #域渗透, #NBT-NS |
| Responder | 2025-05-09 23:43 | #域渗透, #Responder, #NTLM_Relay |
| BloodHound | 2025-05-09 23:44 | #域渗透, #信息收集, #Bloodhound分析 |
| MS-RPC | 2025-05-09 23:45 | #MS-RPC, #信息收集, #域渗透, #RID-Cycling, #IObjectExporter |
| Enum4linux | 2025-05-09 23:45 | #Enum4linux, #域渗透, #信息收集 |
| Password policy | 2025-05-09 23:45 | #信息收集, #域渗透, #密码策略 |
| Common AD Ports | 2025-05-09 23:51 | #端口扫描, #信息收集, #域渗透 |
| NFS | 2025-07-20 22:55 | #NFS, #信息收集 |
| SMB Null Session | 2025-08-07 22:13 | #SMB, #信息收集, #SMB空会话 |
| ISAKMP udp(500) | 2025-09-21 11:35 | #ISAKMP, #IPSEC, #IKE |
| Pre-Windows 2000 computers | 2026-03-01 14:05 | #Pre-Windows2000, #pre2k |
| SMB Signing | 2026-03-03 21:06 | #SMB |
| MachineAccountQuota | 2026-03-03 21:09 | #MachineAccountQuota |
| Domain Controller Coercion | 2026-03-03 23:18 | #PrinterBug, #PetitPotam, #ShadowCoerce, #DFSCoerce |
| SMB Shares | 2026-03-03 23:28 | #SMB_Shares, #SMB |