AmberWolf Docs

Here we can write all our foundational knowledge, techniques, tradecraft, guides you name it!

How to use it

  • Use Obsidian: Markdown is not a standard and different editors support different features. We can avoid compatibility issues by all using the same editor.
  • Before git clone, AV will trigger: This repo is full of techniques marked as malicious, you are warned. Act as you see fit.
  • Recommended plugin, git-obsidian: Keep your local copy always in sync to avoid merge issues. See guide below.
  • Take a quick look at the structure: Just a few very basic rules because... Rules... Without them we live with the animals!
  • Add new content: Add a new page and use Ctrl+P > Insert template > page. This adds a frontmatter with some basic fields.

Setting up Obsidian

Common settings so everyone's Obsidian plays nice with the others.

  1. Install Obsidian and clone the Consulting/Docs repo.
  2. Set the default attachment folder: Obsidian preferences > Files and Links > Default location for new attachments > In the folder specified below > attachments.
  3. Set the default folder for templates: Obsidian preferences > Core plugin: Templates > Templates folder location > templates.
  4. Install the git-obsidian plugin:
     1. Make sure git is installed on your system and that your git name and email are configured.
     2. Enable community plugins: Obsidian preferences > Community plugins > Turn on community plugins.
     3. Install git-obsidian: Obsidian preferences > Community plugins > Browse > search "git" and install.
     4. Configure git-obsidian: Obsidian preferences > Community plugins: Git
        1. Auto commit-and-sync interval (minutes): 5
        2. Auto pull interval (minutes): 2
        3. List filenames affected by commit in the body: ON

Structure

  • 01. Fundamentals 🪨: Foundational knowledge about a technology or a product. Let's refrain from writing offensive techniques here. Examples:
    • Kubernetes
    • Networking
    • AWS
    • Windows Internals
  • 02. Offensive 🏹: Attack techniques about everything, including cloud.
    • 01. Web: everything related to web-specific techniques. Examples:
      • CSS bypasses
      • List of HTTP uploads docs
      • SQL Injection
    • 02. Reconnaissance, Initial Access: everything that is done to enumerate and get access to an internal network. No authentication required. Examples:
      • Phishing via third parties
      • Evil reverse proxy
      • NAC bypass
      • spraying
    • 03. Execution, Persistence, PE: any technique that is used to execute code locally in a system, including defense evasion/bypasses, persistence and local privilege escalation. Examples:
      • DLL hijacking
      • AMSI/ETW bypass
      • API unhooking
      • Windows Script Hosts
    • 04. Discovery, Lateral Movement: all enumeration actions that are authenticated and usually inside an internal network. All techniques that involve executing code in a remote system. Examples:
      • Bloodhound
      • ROADRecon
      • ADCS
      • MSSQL
      • Shadow creds
      • Kerberos things
    • 05. Credential Access: anything whose main objective is to harvest, manage, crack or dump credentials. Examples:
      • LSASS dumping
      • Cloud cracking
      • Chrome/Edge Harvesting
      • SAS strings decryption
    • 06. Exfiltration, Impact: all final actions in an engagement to prove impact. Examples:
      • Exfiltrate data from server stealthily
      • Hijacking payments platforms
      • SWIFT hijacking, who dares?
  • 03. AW Infrastructure 🏢: Technical guides and documentation about AW infrastructure, RT, Nessus box, Havoc etc.
    • AW Links
    • AW Tools Summary
    • C2 deployment
    • EDR Lab
  • 04. AW Guides 📜: Non-technical guides which describe AW intrinsic processes and workflows. Examples:
    • Onboarding
    • Pentesting process checklist
    • Review process
  • 05. WIP Personal 🥷: Personal notes for each one of us. To be clear: this section is not attempting to replace our own personal wiki systems if someone prefers to keep those. However, some of us may find it helpful to have a section that is only theirs, but visible to the company. Examples: drafting a blog post for AW, sharing quick dirty notes with someone else, brainstorming or simply note-taking.
    • David Cash
    • Iain Smart
    • Arnau Ortega
  • attachments: folder used by Obsidian to store attachments, used when pasting screenshots, scripts etc.
  • templates: folder that stores the Obsidian templates. Use with: Ctrl+P > Templates: Insert template > page to insert a frontmatter into a page.
  • README: Documents in every one of the core folders with a quick guideline for its contents.

Obsidian extra tips

Not mandatory, but recommended:

  • Increase the line length: Obsidian preferences > Readable line length > OFF
  • Disable popup notifications: create the folder <git-root>\.obsidian\snippets, add a file hide-all-notifications.css containing the rule below, then enable the snippet under Obsidian preferences > Appearance > CSS snippets:

    .notice-container { display: none !important; }

  • Set the AW accent color: Obsidian preferences > Accent color > Set R: 253, G: 66, B: 15.
  • Switch between view and edit mode with Ctrl+E.