The Mordor Project
Mordor Environments
The Shire
Erebor
How To
Create Mordor Datasets
Consume Mordor Datasets
Events
Mordor Events!
Small Mordor Datasets
Windows
Execution
Covenant PowerShell Remoting Command
Covenant Remote WMI Wbemcomn DLL Hijacking
Covenant SharpWMI Exec
Empire Invoke PSRemoting
Empire Invoke DCOM ShellWindows
Covenant Remote WMI Eventing ActiveScriptEventConsumers
Empire Invoke PsExec
Empire Invoke Execute MSBuild
Empire Remote WMIC Add User
Empire Invoke WMI
Empire VBS Execution
Covenant ShellCmd InstallUtil
Persistence
Empire Userland Registry Run Keys
Empire Userland Scheduled Tasks
Empire Elevated WMI Eventing
Empire Elevated Scheduled Tasks
Empire Elevated Registry Run Keys
IKEEXT Remote Service DLL Hijack
Privilege Escalation
Invoke BypassUAC FodHelper
Empire Elevated WMI Eventing
Empire Invoke DLLInjection
Empire PSInject
IKEEXT Remote Service DLL Hijack
Defense Evasion
Empire WDigest Downgrade
Empire Enable RDP
Covenant Wuauclt CreateRemoteThread Execution
Empire Over-Pass-The-Hash
Empire Invoke DLLInjection
WMIC Remote XSL Jscript Execution
Empire Regsvr32 Execution
Empire PSInject
IKEEXT Remote Service DLL Hijack
Empire Powerview Add-DomainObjectAcl
Empire Invoke InternalMonologue
Covenant ShellCmd InstallUtil
Credential Access
Empire Reg Dump SAM Hive
RDP TaskManager LSASS Dump
Empire Mimikatz SAM Extract Hashes
Empire DCSync
Empire Mimikatz Backup Keys
Empire Mimikatz LogonPasswords
Rubeus Userland ASKTGT PTT
Empire Powerdump Extract Hashes
Empire Mimikatz Lsadump LSA Patch
Covenant DCSync
Rubeus Elevated ASKTGT CreateNetOnly
Empire Mimikatz Extract Kerberos Keys
Discovery
Covenant GetDomainGroup Domain Admins
Empire Shell Net Domain Admins
Empire Remote Get Session
Empire Net Local Administrators Group
Empire Find Local Admin Access
Empire Net Domain Users
Empire Net Local Users
Lateral Movement
Empire Invoke SMBExec
Covenant PowerShell Remoting Command
Covenant Remote WMI Wbemcomn DLL Hijacking
DCOM RegisterXLL
Covenant SharpWMI Exec
Covenant SharpSC Start
Covenant Remote File Copy
Empire Invoke PSRemoting
Covenant SharpSC Create
Covenant Remote DCOM Iertutil DLL Hijacking
Empire Over-Pass-The-Hash
Covenant SharpSC Stop Service
Empire Invoke DCOM ShellWindows
Covenant Remote WMI Eventing ActiveScriptEventConsumers
Empire Invoke PsExec
Covenant SharpSC Query
DCOM ExecuteExcel4macro
Covenant SC.exe Utility Query
Empire Invoke Execute MSBuild
Empire Remote WMIC Add User
Mimikatz Netlogon Unauthenticated NetrServerAuthenticate2
Empire Invoke WMI
Collection
MSF Record Mic
Linux
MAC
AWS
.md
.pdf
repository
open issue
suggest edit
Contents
Privilege Escalation
ΒΆ
IKEEXT Remote Service DLL Hijack
Invoke BypassUAC FodHelper
