> For the complete documentation index, see [llms.txt](https://kwcsec.gitbook.io/the-red-team-handbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://kwcsec.gitbook.io/the-red-team-handbook/techniques.md).

# Techniques

- [Defense Evasion](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion.md)
- [Binary Properties and Code Signing](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/binary-properties-and-code-signing.md)
- [ATA/ATP](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp.md)
- [Important Note](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/note.md)
- [Intro](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/intro.md)
- [Lateral Movement](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/lateral-movement.md)
- [Domain Dominance](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/domain-dominance.md)
- [Identification](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/identifying.md)
- [Recon](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/recon.md)
- [Blocking/Disabling Telemetry](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/blocking-disabling-telemetry.md)
- [Trusted Installer](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ata-atp/blocking-disabling-telemetry/trusted-installer.md)
- [Tips and Tricks](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/tips-and-tricks.md)
- [Basics](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics.md)
- [IOCs](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/iocs.md)
- [High Level Overview of EDR technologies](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/iocs/high-level-overview-of-edr-technologies.md)
- [Sandbox Evasion](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/sandbox-evasion.md)
- [Obfuscating Imports](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/obfuscating-imports.md)
- [Bootstrapping](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/obfuscating-imports/bootstrapping.md)
- [Encrypting Strings](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/basics/encrypting-strings.md)
- [Disabling/Patching Telemetry](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry.md)
- [ETW Bypasses](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry/etw-bypasses.md)
- [AMSI Bypasses](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/disabling-patching-telemetry/amsi-bypasses.md)
- [Minimization](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization.md)
- [Commands to Avoid](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/commands-to-avoid.md)
- [Pivoting](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/pivoting.md)
- [Benefits of Using APIs](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/benefits-of-using-apis.md)
- [Thread-less Payload Execution](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/thread-less-payload-execution.md)
- [DLL Hollowing](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/minimization/module-stomping.md)
- [Misdirection](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection.md)
- [Command Line Argument Spoofing](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/command-line-argument-spoofing.md)
- [PPID Spoofing via CreateProcess](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/ppid-spoofing-via-createprocess.md)
- [Switching Parents](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/switching-parents.md)
- [Dechaining via WMI](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/switching-parents/ppid-spoofing-via-wmi.md)
- [Hiding our Payloads](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads.md)
- [Event Logs](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/event-logs.md)
- [File metadata](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/file-metadata.md)
- [Registry Keys](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/registry-keys.md)
- [ADS](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/hiding-our-payloads/ads.md)
- [IPC For Evasion and Control](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/ipc-for-sandbox-evasion-and-organization.md)
- [Privilege Escalation](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation.md)
- [Hunting For Passwords](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hunting-for-passwords.md)
- [To System](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system.md)
- [New Service](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/new-service.md)
- [Named Pipe Impersonation](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/named-pipe-impersonation.md)
- [Local Exploits](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/local-exploits.md)
- [AlwaysInstallElevated](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/to-system/alwaysinstallelevated.md)
- [Hijacking Execution](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution.md)
- [Environment Variable interception](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution/environment-variable-interception.md)
- [DLL Hijacking](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/hijacking-execution/dll-hijacking.md)
- [Insecure Permissions](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions.md)
- [Missing Services and Tasks](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/missing-services-and-tasks.md)
- [Misconfigured Registry Hives](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/misconfigured-registry-hives.md)
- [Insecure Binary Path](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/insecure-binary-path.md)
- [Unquoted Service Paths](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/privilege-escalation/insecure-permissions/unquoted-service-paths.md)
- [Enumeration](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/enumeration.md)
- [Situational Awareness](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/enumeration/situational-awareness.md)
- [Recon Commands](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/enumeration/recon-commands.md)
- [.NET AD Enum commands](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/enumeration/recon-commands/.net-ad-enum-commands.md)
- [WMIC commands](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/enumeration/recon-commands/wmic-commands.md)
- [WMI queries from c++](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/enumeration/recon-commands/wmic-commands/wmi-queries-from-c++.md)
- [Execution](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/execution.md)
- [Cool ways of Calling a Process](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/execution/cool-ways-of-calling-a-process.md)
- [One Liners](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/execution/one-liners.md)
- [Initial Access](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access.md)
- [Tips and Tricks](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/tips-and-tricks.md)
- [Tools](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/tools.md)
- [Staging/Stagers](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/staging-stagers.md)
- [MS Office](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office.md)
- [Macros](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros.md)
- [Evasion](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion.md)
- [VBA Stomping](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion/vba-stomping.md)
- [Revert To Legacy Warning in Excel](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion/revert-to-legacy-warning-in-excel.md)
- [Sandbox Evasion](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/evasion/sandbox-evasion.md)
- [Info Extraction](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/info-extraction-1.md)
- [Inline Shapes](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/inline-shapes.md)
- [.MAM Files](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/.mam-files.md)
- [PowerPoint](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/powerpoint.md)
- [ACCDE](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/accde.md)
- [Shellcode Execution](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/shellcode-execution.md)
- [Info Extraction](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/info-extraction.md)
- [Dechaining Macros](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/macros/dechaining-macros.md)
- [Field Abuse](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/field-abuse.md)
- [DDE](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/ms-office/dde.md)
- [Payload Delivery](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/payload-delivery.md)
- [File Formats](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats.md)
- [MSG](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/msg.md)
- [RTF](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/rtf.md)
- [REG](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/reg.md)
- [BAT](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/bat.md)
- [MSI Files](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/msi-files.md)
- [IQY](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/iqy.md)
- [CHM](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/chm.md)
- [LNK](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/lnk.md)
- [Using LNK to Automatically Download Payloads](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/lnk/using-lnk-to-automatically-download-payloads.md)
- [HTA](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/initial-access/file-formats/hta.md)
- [Lateral Movement](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement.md)
- [Linux](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/linux.md)
- [SSH Hijacking](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/linux/ssh-hijacking.md)
- [RDP](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/linux/rdp.md)
- [Impacket](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/linux/impacket.md)
- [No Admin?](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/no-admin.md)
- [Checking for access](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/checking-for-access.md)
- [Poison Handler](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/poison-handler.md)
- [WinRM](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/winrm.md)
- [AT](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/at.md)
- [PsExec](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/psexec.md)
- [WMI](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/wmi.md)
- [Service Control](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/service-control.md)
- [DCOM](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/dcom.md)
- [RDP](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/rdp.md)
- [SCShell](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/lateral-movement/scshell.md)
- [Code Injection](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/code-injection.md)
- [Hooking](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/code-injection/hooking.md)
- [Detours](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/code-injection/hooking/detours.md)
- [CreateRemoteThread](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/code-injection/createremotethread.md)
- [DLL Injection](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/code-injection/dll-injection.md)
- [APC Queue Code Injection](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/code-injection/apc-queue-code-injection.md)
- [Early Bird Injection](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/code-injection/early-bird-injection.md)
- [Persistence](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence.md)
- [Scheduled Tasks](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/scheduled-tasks.md)
- [AT](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/scheduled-tasks/at.md)
- [MS Office](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/ms-office.md)
- [SQL](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/sql.md)
- [Admin Level](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level.md)
- [SSP](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/ssp.md)
- [Services](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/services.md)
- [Default File Extension](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/default-file-extension.md)
- [AppCert DLLs](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/appcert-dlls.md)
- [Time Provider](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/time-provider.md)
- [Waitfor](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/waitfor.md)
- [WinLogon](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/winlogon.md)
- [Netsh Dlls](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/netsh-dlls.md)
- [RDP Backdoors](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/rdp-backdoors.md)
- [AppInit Dlls](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/appinit-dlls.md)
- [Port Monitor](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/port-monitor.md)
- [WMI Event Subscriptions](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/admin-level/wmi-event-subscriptions.md)
- [User Level](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level.md)
- [LNK](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level/lnk.md)
- [Startup Folder](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level/startup-folder.md)
- [Junction folders](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level/junction-folders.md)
- [Registry Keys](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level/registry-keys.md)
- [Logon Scripts](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level/logon-scripts.md)
- [Powershell Profiles](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level/powershell-profiles.md)
- [Screen Savers](https://kwcsec.gitbook.io/the-red-team-handbook/techniques/persistence/user-level/screen-savers.md)
