CRTP - Certified Red Team Pentesting Notes

This repository contains my notes while preparing for the CRTP (Certified Red Team Pentesting) Certification. These notes were a valuable resource during my study sessions, helping me reinforce critical concepts and improve my understanding of various red teaming and penetration testing topics.

Please note that these notes are based on my understanding and may only be comprehensive or suitable for some. They are intended to supplement other study materials and should not be considered a standalone resource for exam preparation. Content

Table of Contents

Main

• Methodology Master

• Misc Notes

Domain Enumeration

• Basic
• GPO
• ACL
• Trusts
• BloodHound

Local Priv Esc (Privilege Escalation)

• Autorun
• AlwaysInstallElevated
• Service Registry
• Executable Files
• Startup Applications
• DLL Hijacking
• BinPath
• Unquoted Service Paths
• Juicy potato attack
• Hot Potato attack
• Kernel Exploits
• Password Mining Escalation - Firefox
• Runas-Savdcreds
• Backup Operators
• Abusing GPO permissions
• Export LAPS Passwords

Lateral Movement

• Invoke Command
• Invoke Mimikatz

Domain Persistence

• Golden Ticket
• Silver Ticket
• Skeleton Key

Domain Priv Esc (Privilege Escalation)

• Kerberosting
• Unconstrained Delegation
• Constrained Delegation

Forest Trust Abuse

• Ticket Abuse
• MSSQL Abuse