Be Hero From Ring 0 - Befor Purchase

Introduction:

The purpose of this guide is to reveal to every visitor the attackers way of thinking in the Internet space and the ability to utilize the tools at his disposal, this includes both in the private space and in the business/organizational space.

Specific to this guide, I will share a combination of several attack methods for Windows operating system environments.
Started from the counting phase to be carried out with handshake theft and understanding what is ahead of us to stealing information by scripts and exploiting vulnerabilities to implementing an exploitation and post-exploitation method by silent mode comes down to the ground and achieves remote control of ring 0 Groups and AD Win environments. Tested on Win 7 and higher

Brief details: For the purpose of understanding and practice that you can apply in any environment, I will start with the enumeration by wifi attack to take a handshake. Of course, the initial remote connection can be implemented in other common and well-known ways of gathering information about the organization and traditional communication options, and from there pack the information into a txt file where we will build our profile so that every time we update it and we will update accordingly.

The goal at this point is to gather information in order to start scanning the victims environment. I will take both the Alpha AWUS036NH and the WiFi Pineapple MARK VII , the combination between the two allows me to scan simultaneously in real time and carry out through the Alpha that will work on Linux with aircrack-ng and with the help of the Pineapple we will carry out a silent attack Also transition capabilities that will allow us to achieve our goal as quickly as possible. Of course, an evil twin AP attack can be carried out in a variety of ways, but the idea here is to do everything simply and present the attackers ways of thinking from start to finish that anyone can legally apply in their environment and understand how to protect themselves.

When an evil twin AP is present, a threat actor broadcasts the same SSID as the legitimate AP (and often the same BSSID or MAC address of the SSID) to fool the device into connecting Once a client is connected to the evil twin AP, the attack is over When we get access to the router or intermittently MitM can also be enough if we are confronting an organization and not a specific computer inside a router.
From this point we can continue to Get the First Exploitation to any WIN PC Environment are connected to This router and gain access / Start to play with Post-exploitation capabilities.