PenTest+ Module 24 - Automated Attacks

Last updated 4:22 AM on 7/4/26

22 Terms

1

Automated Attacks

Involve the use of scripts and automated tools to systematically exploit vulnerabilities in systems and networks

2

Empire

Post-exploitation framework that can run PowerShell agents without needing PowerShell.exe, which helps evade detection

3

PowerSploit

Collection of PowerShell scripts that can be used for post-exploitation, reconnaissance, and exploitation

4

Invoke-AllChecks - PowerSploit

Used to check for potential privilege escalation opportunities on a Windows machine

5

Invoke-Shellcode - PowerSploit

Allows shellcode to be injected directly into the memory of a running process

6

PowerView

Collection of PowerShell scripts that helps map out an Active Directory environment. Includes identifying users, groups, computers, and the relationships between them

Primary use is to map out users, groups, and computers in an Active Directory domain

7

PowerUpSQL

Collection of PowerShell functions that make it easier to find, access, and exploit SQL Server installations, which are often critical assets in an organization

8

Get-SQLServerInfo - PowerUpSQL

PowerUpSQL command that can help gather detailed information about a specific SQL Server instance, including the version, users, and roles

9

Invoke-SQLEscalatePriv - PowerUpSQL

PowerUpSQL function that can automate attempts to escalate privileges on the SQL Server

10

Get-SQLServerLoginDefaultPw - PowerUpSQL

PowerUpSQL command that finds SQL Server instances in the domain and determines whether they are configured with default passwords commonly used by applications

11

Get-SQLServerLink - PowerUpSQL

PowerUpSQL command that identifies linked servers that might allow movement from one server to another

12

PowerShell

Powerful tool for automating tasks in Windows environments

13

Cmdlets - PowerShell

Allow querying and manipulating AD objects such as users, groups, and computers

14

Get-ADUser - PowerShell

Most basic cmdlet used for AD searches

Retrieve information about user accounts in AD

15

Scapy

A Python-based packet manipulation tool and library that captures, forges, decodes, and analyzes network packets

Mainly used to craft and manipulate network packets

16

Caldera

Open-source platform developed by MITRE that focuses on automating adversary emulation

Automates breach and attack simulations (BAS) based on the MITRE ATT&CK framework

17

Breach and Attack Simulation (BAS) Tools

Designed to mimic the actions of attackers as they attempt to breach a network and move laterally within it

18

Infection Monkey

An open-source tool that acts like a kind of “malware vaccine” for the network

Is essentially an adversary emulation tool

Helps simulate malware-like attacks to improve network security

19

Agent - Infection Monkey

Like a network worm that the user can configure to spread through the network, steal data, and deliver payloads

20

Monkey Island - Infection Monkey

Command and control server

21

Atomic Red Team

An open-source tool that makes it easier to see how a network would hold up against specific techniques used by attackers

Tool based on the MITRE ATT&CK framework, which is a comprehensive list of the tactics and techniques that attackers use

Simplifies the simulation of individual attack techniques from the MITRE ATT&CK Framework

22

Atomic Tests - Atomic Red Team

Mimic real attacks without needing a lot of setup or specialized knowledge