# Techniques - [Defense Evasion](/the-red-team-handbook/techniques/defense-evasion.md) - [Binary Properties and Code Signing](/the-red-team-handbook/techniques/defense-evasion/binary-properties-and-code-signing.md) - [ATA/ATP](/the-red-team-handbook/techniques/defense-evasion/ata-atp.md) - [Important Note](/the-red-team-handbook/techniques/defense-evasion/ata-atp/note.md) - [Intro](/the-red-team-handbook/techniques/defense-evasion/ata-atp/intro.md) - [Lateral Movement](/the-red-team-handbook/techniques/defense-evasion/ata-atp/lateral-movement.md) - [Domain Dominance](/the-red-team-handbook/techniques/defense-evasion/ata-atp/domain-dominance.md) - [Identification](/the-red-team-handbook/techniques/defense-evasion/ata-atp/identifying.md) - [Recon](/the-red-team-handbook/techniques/defense-evasion/ata-atp/recon.md) - [Blocking/Disabling Telemetry](/the-red-team-handbook/techniques/defense-evasion/ata-atp/blocking-disabling-telemetry.md) - [Trusted Installer](/the-red-team-handbook/techniques/defense-evasion/ata-atp/blocking-disabling-telemetry/trusted-installer.md) - [Tips and Tricks](/the-red-team-handbook/techniques/defense-evasion/tips-and-tricks.md) - [Basics](/the-red-team-handbook/techniques/defense-evasion/basics.md) - [IOCs](/the-red-team-handbook/techniques/defense-evasion/basics/iocs.md) - [High Level Overview of EDR technologies](/the-red-team-handbook/techniques/defense-evasion/basics/iocs/high-level-overview-of-edr-technologies.md) - [Sandbox Evasion](/the-red-team-handbook/techniques/defense-evasion/basics/sandbox-evasion.md) - [Obfuscating Imports](/the-red-team-handbook/techniques/defense-evasion/basics/obfuscating-imports.md) - [Bootstrapping](/the-red-team-handbook/techniques/defense-evasion/basics/obfuscating-imports/bootstrapping.md) - [Encrypting Strings](/the-red-team-handbook/techniques/defense-evasion/basics/encrypting-strings.md) - [Disabling/Patching Telemetry](/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry.md) - [ETW Bypasses](/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry/etw-bypasses.md) - [AMSI Bypasses](/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry/amsi-bypasses.md) - [Minimization](/the-red-team-handbook/techniques/defense-evasion/minimization.md) - [Commands to Avoid](/the-red-team-handbook/techniques/defense-evasion/minimization/commands-to-avoid.md) - [Pivoting](/the-red-team-handbook/techniques/defense-evasion/minimization/pivoting.md) - [Benefits of Using APIs](/the-red-team-handbook/techniques/defense-evasion/minimization/benefits-of-using-apis.md) - [Thread-less Payload Execution](/the-red-team-handbook/techniques/defense-evasion/minimization/thread-less-payload-execution.md) - [DLL Hollowing](/the-red-team-handbook/techniques/defense-evasion/minimization/module-stomping.md) - [Misdirection](/the-red-team-handbook/techniques/defense-evasion/misdirection.md) - [Command Line Argument Spoofing](/the-red-team-handbook/techniques/defense-evasion/misdirection/command-line-argument-spoofing.md) - [PPID Spoofing via CreateProcess](/the-red-team-handbook/techniques/defense-evasion/misdirection/ppid-spoofing-via-createprocess.md) - [Switching Parents](/the-red-team-handbook/techniques/defense-evasion/misdirection/switching-parents.md) - [Dechaining via WMI](/the-red-team-handbook/techniques/defense-evasion/misdirection/switching-parents/ppid-spoofing-via-wmi.md) - [Hiding our Payloads](/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads.md) - [Event Logs](/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/event-logs.md) - [File metadata](/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/file-metadata.md) - [Registry Keys](/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/registry-keys.md) - [ADS](/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/ads.md) - [IPC For Evasion and Control](/the-red-team-handbook/techniques/defense-evasion/ipc-for-sandbox-evasion-and-organization.md) - [Privilege Escalation](/the-red-team-handbook/techniques/privilege-escalation.md) - [Hunting For Passwords](/the-red-team-handbook/techniques/privilege-escalation/hunting-for-passwords.md) - [To System](/the-red-team-handbook/techniques/privilege-escalation/to-system.md) - [New Service](/the-red-team-handbook/techniques/privilege-escalation/to-system/new-service.md) - [Named Pipe Impersonation](/the-red-team-handbook/techniques/privilege-escalation/to-system/named-pipe-impersonation.md) - [Local Exploits](/the-red-team-handbook/techniques/privilege-escalation/to-system/local-exploits.md) - [AlwaysInstallElevated](/the-red-team-handbook/techniques/privilege-escalation/to-system/alwaysinstallelevated.md) - [Hijacking Execution](/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution.md) - [Environment Variable interception](/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution/environment-variable-interception.md) - [DLL Hijacking](/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution/dll-hijacking.md) - [Insecure Permissions](/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions.md) - [Missing Services and Tasks](/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/missing-services-and-tasks.md) - [Misconfigured Registry Hives](/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/misconfigured-registry-hives.md) - [Insecure Binary Path](/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/insecure-binary-path.md) - [Unquoted Service Paths](/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/unquoted-service-paths.md) - [Enumeration](/the-red-team-handbook/techniques/enumeration.md) - [Situational Awareness](/the-red-team-handbook/techniques/enumeration/situational-awareness.md) - [Recon Commands](/the-red-team-handbook/techniques/enumeration/recon-commands.md) - [.NET AD Enum commands](/the-red-team-handbook/techniques/enumeration/recon-commands/.net-ad-enum-commands.md) - [WMIC commands](/the-red-team-handbook/techniques/enumeration/recon-commands/wmic-commands.md) - [WMI queries from c++](/the-red-team-handbook/techniques/enumeration/recon-commands/wmic-commands/wmi-queries-from-c++.md) - [Execution](/the-red-team-handbook/techniques/execution.md) - [Cool ways of Calling a Process](/the-red-team-handbook/techniques/execution/cool-ways-of-calling-a-process.md) - [One Liners](/the-red-team-handbook/techniques/execution/one-liners.md) - [Initial Access](/the-red-team-handbook/techniques/initial-access.md) - [Tips and Tricks](/the-red-team-handbook/techniques/initial-access/tips-and-tricks.md) - [Tools](/the-red-team-handbook/techniques/initial-access/tools.md) - [Staging/Stagers](/the-red-team-handbook/techniques/initial-access/staging-stagers.md) - [MS Office](/the-red-team-handbook/techniques/initial-access/ms-office.md) - [Macros](/the-red-team-handbook/techniques/initial-access/ms-office/macros.md) - [Evasion](/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion.md) - [VBA Stomping](/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion/vba-stomping.md) - [Revert To Legacy Warning in Excel](/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion/revert-to-legacy-warning-in-excel.md) - [Sandbox Evasion](/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion/sandbox-evasion.md) - [Info Extraction](/the-red-team-handbook/techniques/initial-access/ms-office/macros/info-extraction-1.md) - [Inline Shapes](/the-red-team-handbook/techniques/initial-access/ms-office/macros/inline-shapes.md) - [.MAM Files](/the-red-team-handbook/techniques/initial-access/ms-office/macros/.mam-files.md) - [PowerPoint](/the-red-team-handbook/techniques/initial-access/ms-office/macros/powerpoint.md) - [ACCDE](/the-red-team-handbook/techniques/initial-access/ms-office/macros/accde.md) - [Shellcode Execution](/the-red-team-handbook/techniques/initial-access/ms-office/macros/shellcode-execution.md) - [Info Extraction](/the-red-team-handbook/techniques/initial-access/ms-office/macros/info-extraction.md) - [Dechaining Macros](/the-red-team-handbook/techniques/initial-access/ms-office/macros/dechaining-macros.md) - [Field Abuse](/the-red-team-handbook/techniques/initial-access/ms-office/field-abuse.md) - [DDE](/the-red-team-handbook/techniques/initial-access/ms-office/dde.md) - [Payload Delivery](/the-red-team-handbook/techniques/initial-access/payload-delivery.md) - [File Formats](/the-red-team-handbook/techniques/initial-access/file-formats.md) - [MSG](/the-red-team-handbook/techniques/initial-access/file-formats/msg.md) - [RTF](/the-red-team-handbook/techniques/initial-access/file-formats/rtf.md) - [REG](/the-red-team-handbook/techniques/initial-access/file-formats/reg.md) - [BAT](/the-red-team-handbook/techniques/initial-access/file-formats/bat.md) - [MSI Files](/the-red-team-handbook/techniques/initial-access/file-formats/msi-files.md) - [IQY](/the-red-team-handbook/techniques/initial-access/file-formats/iqy.md) - [CHM](/the-red-team-handbook/techniques/initial-access/file-formats/chm.md) - [LNK](/the-red-team-handbook/techniques/initial-access/file-formats/lnk.md) - [Using LNK to Automatically Download Payloads](/the-red-team-handbook/techniques/initial-access/file-formats/lnk/using-lnk-to-automatically-download-payloads.md) - [HTA](/the-red-team-handbook/techniques/initial-access/file-formats/hta.md) - [Lateral Movement](/the-red-team-handbook/techniques/lateral-movement.md) - [Linux](/the-red-team-handbook/techniques/lateral-movement/linux.md) - [SSH Hijacking](/the-red-team-handbook/techniques/lateral-movement/linux/ssh-hijacking.md) - [RDP](/the-red-team-handbook/techniques/lateral-movement/linux/rdp.md) - [Impacket](/the-red-team-handbook/techniques/lateral-movement/linux/impacket.md) - [No Admin?](/the-red-team-handbook/techniques/lateral-movement/no-admin.md) - [Checking for access](/the-red-team-handbook/techniques/lateral-movement/checking-for-access.md) - [Poison Handler](/the-red-team-handbook/techniques/lateral-movement/poison-handler.md) - [WinRM](/the-red-team-handbook/techniques/lateral-movement/winrm.md) - [AT](/the-red-team-handbook/techniques/lateral-movement/at.md) - [PsExec](/the-red-team-handbook/techniques/lateral-movement/psexec.md) - [WMI](/the-red-team-handbook/techniques/lateral-movement/wmi.md) - [Service Control](/the-red-team-handbook/techniques/lateral-movement/service-control.md) - [DCOM](/the-red-team-handbook/techniques/lateral-movement/dcom.md) - [RDP](/the-red-team-handbook/techniques/lateral-movement/rdp.md) - [SCShell](/the-red-team-handbook/techniques/lateral-movement/scshell.md) - [Code Injection](/the-red-team-handbook/techniques/code-injection.md) - [Hooking](/the-red-team-handbook/techniques/code-injection/hooking.md) - [Detours](/the-red-team-handbook/techniques/code-injection/hooking/detours.md) - [CreateRemoteThread](/the-red-team-handbook/techniques/code-injection/createremotethread.md) - [DLL Injection](/the-red-team-handbook/techniques/code-injection/dll-injection.md) - [APC Queue Code Injection](/the-red-team-handbook/techniques/code-injection/apc-queue-code-injection.md) - [Early Bird Injection](/the-red-team-handbook/techniques/code-injection/early-bird-injection.md) - [Persistence](/the-red-team-handbook/techniques/persistence.md) - [Scheduled Tasks](/the-red-team-handbook/techniques/persistence/scheduled-tasks.md) - [AT](/the-red-team-handbook/techniques/persistence/scheduled-tasks/at.md) - [MS Office](/the-red-team-handbook/techniques/persistence/ms-office.md) - [SQL](/the-red-team-handbook/techniques/persistence/sql.md) - [Admin Level](/the-red-team-handbook/techniques/persistence/admin-level.md) - [SSP](/the-red-team-handbook/techniques/persistence/admin-level/ssp.md) - [Services](/the-red-team-handbook/techniques/persistence/admin-level/services.md) - [Default File Extension](/the-red-team-handbook/techniques/persistence/admin-level/default-file-extension.md) - [AppCert DLLs](/the-red-team-handbook/techniques/persistence/admin-level/appcert-dlls.md) - [Time Provider](/the-red-team-handbook/techniques/persistence/admin-level/time-provider.md) - [Waitfor](/the-red-team-handbook/techniques/persistence/admin-level/waitfor.md) - [WinLogon](/the-red-team-handbook/techniques/persistence/admin-level/winlogon.md) - [Netsh Dlls](/the-red-team-handbook/techniques/persistence/admin-level/netsh-dlls.md) - [RDP Backdoors](/the-red-team-handbook/techniques/persistence/admin-level/rdp-backdoors.md) - [AppInit Dlls](/the-red-team-handbook/techniques/persistence/admin-level/appinit-dlls.md) - [Port Monitor](/the-red-team-handbook/techniques/persistence/admin-level/port-monitor.md) - [WMI Event Subscriptions](/the-red-team-handbook/techniques/persistence/admin-level/wmi-event-subscriptions.md) - [User Level](/the-red-team-handbook/techniques/persistence/user-level.md) - [LNK](/the-red-team-handbook/techniques/persistence/user-level/lnk.md) - [Startup Folder](/the-red-team-handbook/techniques/persistence/user-level/startup-folder.md) - [Junction folders](/the-red-team-handbook/techniques/persistence/user-level/junction-folders.md) - [Registry Keys](/the-red-team-handbook/techniques/persistence/user-level/registry-keys.md) - [Logon Scripts](/the-red-team-handbook/techniques/persistence/user-level/logon-scripts.md) - [Powershell Profiles](/the-red-team-handbook/techniques/persistence/user-level/powershell-profiles.md) - [Screen Savers](/the-red-team-handbook/techniques/persistence/user-level/screen-savers.md)