The Mordor Project
Simulation Labs
The Shire
How To
Consume Datasets
Create Datasets
Events
Mordor Events!
Small Datasets
Windows
Execution
Covenant PowerShell Remoting Command
SharpView PCRE.NET
Covenant Remote WMI Wbemcomn DLL Hijacking
Covenant SharpWMI Exec
Remote Scheduled Task Modification
Empire Invoke PSRemoting
Remote Scheduled Task Creation
Python HTTP Server
Exchange ProxyLogon SSRF RCE Vuln POC
Empire Invoke DCOM ShellWindows
Covenant Remote WMI Eventing ActiveScriptEventConsumers
Empire Invoke PsExec
PowerShell HTTP Listener
Empire Invoke Execute MSBuild
Empire Remote WMIC Add User
Empire Invoke WMI
Empire VBS Execution
Covenant ShellCmd InstallUtil
Persistence
Remote Scheduled Task Modification
Empire Userland Registry Run Keys
Remote Scheduled Task Creation
Empire Userland Scheduled Tasks
Bitsadmin Download Malicious File
Empire Elevated WMI Eventing
Empire Elevated Scheduled Tasks
Logon Scripts via UserInitMprLogonScript
Exchange ProxyLogon SSRF RCE Vuln POC
Empire Elevated Registry Run Keys
IKEEXT Remote Service DLL Hijack
Service Modification Fax
Privilege Escalation
Invoke BypassUAC FodHelper
Remote Scheduled Task Modification
Remote Scheduled Task Creation
PurpleSharp PE Injection CreateRemoteThread
Empire Elevated WMI Eventing
Empire Invoke DLLInjection
Windows Vault Web Credentials
Empire PSInject
Mavinject Process DLL Injection
IKEEXT Remote Service DLL Hijack
Service Modification Fax
Process Herpaderping Mimikatz
Defense Evasion
CMSTP Proxy Execution
Empire WDigest Downgrade
HH Execution of Local Compiled HTML Payload
Empire Enable RDP
Register-CimProvider Execute Dll
Netsh Open FW Proxy Ports
PurpleSharp PE Injection CreateRemoteThread
Bitsadmin Download Malicious File
Covenant Wuauclt CreateRemoteThread Execution
Mshta VBScript Execute PowerShell
Mshta HTML Application (HTA) Execution
Empire Over-Pass-The-Hash
Empire Invoke DLLInjection
Windows Vault Web Credentials
WMIC Remote XSL Jscript Execution
Empire Regsvr32 Execution
Empire PSInject
Control Panel Execution
Mavinject Process DLL Injection
Mshta Javascript GetObject Sct
IKEEXT Remote Service DLL Hijack
Empire Powerview Add-DomainObjectAcl
Empire Invoke InternalMonologue
Process Herpaderping Mimikatz
Covenant ShellCmd InstallUtil
Credential Access
SAM Copy via Esentutl VSS
Empire Reg Dump SAM Hive
PurpleSharp Active Directory Playbook I
RDP TaskManager LSASS Dump
Empire Mimikatz SAM Extract Hashes
Lsass Memory Dump via Syscalls
Empire DCSync
Empire Mimikatz Backup Keys
Psexec Reg LSA Secrets Dump
UI Prompt For Credentials Function
Empire Mimikatz LogonPasswords
Rubeus Userland ASKTGT PTT
Lsass Memory Dump via Comsvcs.dll
Empire Powerdump Extract Hashes
Empire Mimikatz Lsadump LSA Patch
Covenant DCSync
Rubeus Elevated ASKTGT CreateNetOnly
Empire Mimikatz Extract Kerberos Keys
Discovery
Covenant GetDomainGroup Domain Admins
PurpleSharp Active Directory Playbook I
Internet Explorer Version Discovery
Empire Shell Net Domain Admins
Empire Remote Get Session
Empire Net Local Administrators Group
Seatbelt Group User Discovery
Empire Find Local Admin Access
Empire Net Domain Users
Empire Net Local Users
Lateral Movement
Empire Invoke SMBExec
Covenant PowerShell Remoting Command
Covenant Remote WMI Wbemcomn DLL Hijacking
DCOM RegisterXLL
Covenant SharpWMI Exec
Remote Scheduled Task Modification
PurpleSharp Active Directory Playbook I
Covenant SharpSC Start
Covenant Remote File Copy
Empire Invoke PSRemoting
Remote Scheduled Task Creation
Covenant SharpSC Create
Covenant Remote DCOM Iertutil DLL Hijacking
Empire Over-Pass-The-Hash
Covenant SharpSC Stop Service
Empire Invoke DCOM ShellWindows
Covenant Remote WMI Eventing ActiveScriptEventConsumers
Empire Invoke PsExec
Covenant SharpSC Query
DCOM ExecuteExcel4macro
Covenant SC.exe Utility Query
Empire Invoke Execute MSBuild
Empire Remote WMIC Add User
Mimikatz Netlogon Unauthenticated NetrServerAuthenticate2
Empire Invoke WMI
Collection
UI Prompt For Credentials Function
MSF Record Mic
Linux
MAC
AWS
.md
.pdf
repository
open issue
suggest edit
Contents
Privilege Escalation
ΒΆ
Service Modification Fax
Invoke BypassUAC FodHelper