Documentation overview
Feel free to add me on Discord (ice0) or linkedin if you have any questions about the attacks or setting up the SCCM lab.
This is just a walkthrough. All credit for the original research on SCCM goes to the people at SpecterOps, Synacktiv, and MWR CyberSec.