# Red Team Operations

- [Initial Access](https://red.0xbad53c.com/red-team-operations/initial-access.md): This section describes techniques related to MITRE TA0001 - Initial Access.
- [Webshells](https://red.0xbad53c.com/red-team-operations/initial-access/webshells.md): This category talks about webshells. Our aim is usually to load a C2 framework from the webshell or execute other code without spawning suspicious subprocesses from the web server process.
- [Java (JSP) - Bring Your Own Jar](https://red.0xbad53c.com/red-team-operations/initial-access/webshells/java-jsp-bring-your-own-jar.md): On this page, we will explore how to reflectively load a class from a Java library and call its main method. In a red team context, this can be used to stage additional Java code without touching disk.
- [IIS - SOAP](https://red.0xbad53c.com/red-team-operations/initial-access/webshells/iis-soap.md): This page describes how to run shellcode from a webshell with a .soap extension. Sometimes web applications use upload blacklists and forget about this extension type.
- [Macro Attacks](https://red.0xbad53c.com/red-team-operations/initial-access/macro-attacks.md): This category talks about Office macro attacks, which are often used in combination with phishing to establish a foothold on the victim's machine.
- [Talking Documents with SpVoice COM](https://red.0xbad53c.com/red-team-operations/initial-access/macro-attacks/talking-documents-with-spvoice-com.md): This page describes how to use the Microsoft Speech API to let your Office document talk to the end user.
- [Binary File Write via Microsoft Speech API](https://red.0xbad53c.com/red-team-operations/initial-access/macro-attacks/binary-file-write-via-microsoft-speech-api.md): This page describes how to use the Microsoft Speech API to write binary files from Office documents.
- [Mark-Of-The-Web Bypass with 7-zip](https://red.0xbad53c.com/red-team-operations/initial-access/macro-attacks/mark-of-the-web-bypass-with-7-zip.md)
- [Azure and O365](https://red.0xbad53c.com/red-team-operations/azure-and-o365.md)
- [PRT Abuse from Userland with Cobalt Strike](https://red.0xbad53c.com/red-team-operations/azure-and-o365/prt-abuse-from-userland-with-cobalt-strike.md): This page describes how to acquire an Azure AD Single Sign-On session from a non-privileged user session on a Windows machine. The acquired token is later used to enumerate Azure AD via ROADTools.
- [Enumerate Azure AD with AzureHound from Userland](https://red.0xbad53c.com/red-team-operations/azure-and-o365/enumerate-azure-ad-with-azurehound-from-userland.md): This page describes how to enumerate Azure AD with AzureHound, starting from a non-privileged user session on a Windows machine.
- [AWS](https://red.0xbad53c.com/red-team-operations/aws.md)
- [Role Abuse: SSM](https://red.0xbad53c.com/red-team-operations/aws/role-abuse-ssm.md): This page describes how a compromised machine with the default AmazonSSMRoleForInstancesQuickSetup role can allow an attacker to move laterally to all other machines holding this role in the VPC.
- [OffSecOps](https://red.0xbad53c.com/red-team-operations/offsecops.md)
- [Arsenal Aggressor Script](https://red.0xbad53c.com/red-team-operations/offsecops/arsenal-aggressor-script.md): Aggressor script to automatically download and load an arsenal of open source and private tooling. Hopefully, this saves other teams time and helps the community!

