I’ve experienced a bit of trouble of late with both Empire and PoshC2_Python payloads failing to call back to their corresponding Empire and/or PoshC2 listener/server. This brief post detailing the…

The importance of XML based vulnerabilities in web application security has given prominence. Part-1 is XML Basics.

The latest version of our SunburstDomainDecoder (v1.7) can be used to reveal which endpoint protection applications that are installed on trojanized SolarWinds Orion deployments. The security application info is extracted from DNS queries for 'avsvmcloud.com'…

In this video walkthrough, we demonstrated the exploitation of Linux wildcards in file archiving tool 'tar' to achieve privilege escalation. We used The Terminal machine from tryhackme.
--
Receive video documentation
https://www.youtube.com/channel/UCNSd…

Breaking a WPS PIN

Work in progress... Contribute to ivan-sincek/wifi-penetration-testing-cheat-sheet development by creating an account on GitHub.

Some time last year, I came across a Burp extension on Github that replicates the Invoke Applications functionality from OWASP ZAP in Burp....

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️ - ihebski/DefaultCreds-cheat-sheet

AV/EDR evasion via direct system calls. Contribute to jthuraisamy/SysWhispers2 development by creating an account on GitHub.

MindMap of common Internal Network Pentest workflow and commands. - GitHub - sdcampbell/Internal-Network-Pentest-MindMap: MindMap of common Internal Network Pentest workflow and commands.

A free software to find the components installed in Joomla CMS, built out of the ashes of Joomscan. - drego85/JoomlaScan

Distributed malware processing framework based on Python, Redis and S3. - CERT-Polska/karton

XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts - MariaGarber/XSS-Scanner