The Red Team Vade Mecum
Search…
The Red Team Vade Mecum
The Red Team Vade Mecum
Techniques
Defense Evasion
Privilege Escalation
Enumeration
Execution
Initial Access
Tips and Tricks
Tools
Staging/Stagers
MS Office
Payload Delivery
File Formats
Lateral Movement
Code Injection
Persistence
Infrastructure
SQL
Other
Windows Internals
Powered By GitBook
Staging/Stagers
Stagers are used to: keep payload smalls, appear non malicious, and avoid detection. This will keep things nice and simple and will reduce the complexity of our payloads. Here are a list of stages, and their purpose:
STAGE 0
  • Also known as Droppers and Loaders
  • Burnable and ready to adapt to new methods
  • Used for Initial payload delivery
  • Detecting defenses such as security products and application whitelisting
  • Used for bypassing such defenses like application whitelisting and amsi
  • facilitate transfer into the other stages
STAGE 1
  • This is used for persistence and such
  • Used for situational awareness and information gathering
  • Will be the long term beacon
  • Will usually have robust communication, and will be very stable
STAGE 2
  • This is where the fun starts
  • Privilege escalation
  • lateral movement
  • Network enumeration
  • AD attacks and credential access
STAGE 3
  • The exfiltration phase
  • Find and extract sensitive data
  • encrypt traffic, uses traffic tunneling
​
​
Previous
Tools
Next
MS Office
Last modified 1yr ago
Copy link