Windows Persistence using WinLogon
π₯ Telegram: https://t.me/hackinarticles
In this article, we are going to describe the ability of the WinLogon process to provide persistent access to the Target Machine.
π Introduction
βοΈ Configurations Used in Practical
ποΈ Default Registry Key Values
π Persistence Using WinLogon
π Using Userinit Key
π» Using the Shell Key
π΅οΈ Detection
π‘οΈ Mitigation
π₯ Telegram: https://t.me/hackinarticles
In this article, we are going to describe the ability of the WinLogon process to provide persistent access to the Target Machine.
π Introduction
βοΈ Configurations Used in Practical
ποΈ Default Registry Key Values
π Persistence Using WinLogon
π Using Userinit Key
π» Using the Shell Key
π΅οΈ Detection
π‘οΈ Mitigation
β€1
Comprehensive Guide on XXE Injection
π₯ Telegram: https://t.me/hackinarticles
today in this article, we will learn how an attacker can use this vulnerability to gain information and try to defame web-application.
π Introduction to XML
π Introduction to XXE Injection
β οΈ Impacts
π XXE for SSRF
π Local File
π Remote File
π£ XXE Billion Laugh Attack
π€ XXE using File Upload
π₯οΈ Remote Code Execution
π§ͺ XSS via XXE
π§ JSON and Content Manipulation
ποΈβπ¨οΈ Blind XXE
π‘οΈ Mitigation Steps
π₯ Telegram: https://t.me/hackinarticles
today in this article, we will learn how an attacker can use this vulnerability to gain information and try to defame web-application.
π Introduction to XML
π Introduction to XXE Injection
β οΈ Impacts
π XXE for SSRF
π Local File
π Remote File
π£ XXE Billion Laugh Attack
π€ XXE using File Upload
π₯οΈ Remote Code Execution
π§ͺ XSS via XXE
π§ JSON and Content Manipulation
ποΈβπ¨οΈ Blind XXE
π‘οΈ Mitigation Steps
β€1
GenAI Red Teaming Guide
β΄ Twitter: Link
Key focus areas:
π Model Risks
Prompt injection, data leaks, hallucinations
π System Weaknesses
API abuse, RAG poisoning, jailbreaks
β’ Runtime Threats
Social engineering, agent hijacking
π§ Top Tools
PyRIT, Garak, Promptfoo
β΄ Twitter: Link
Key focus areas:
π Model Risks
Prompt injection, data leaks, hallucinations
π System Weaknesses
API abuse, RAG poisoning, jailbreaks
β’ Runtime Threats
Social engineering, agent hijacking
π§ Top Tools
PyRIT, Garak, Promptfoo
β€3π₯1
API Penetration Testing Training (Online)
π Register here: https://forms.gle/bowpX9TGEs41GDG99
π¬ WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
π§ Email: info@ignitetechnologies.in
Hurry up, get enrolled yourself with Ignite Technologiesβ fully exclusive Training Program "API Penetration Testing Training."
βοΈ Table of Content
π Course Introduction
π How API works with Web application
βοΈ Types of APIs and their advantages/disadvantages
π Analysing HTTP request and response headers
π‘οΈ API Hacking methodologies
π Enumerate web pages and analyse functionalities
π΅οΈ API passive reconnaissance Strategies
π API active reconnaissance (Kite runner)
π§ Introduction to POSTMAN
π Testing for Excessive data exposure
π Directory indexing / brute force
π Password mutation
π― Password spray attacks against web application
π‘οΈ Introduction to JSON Web Token
π΅οΈ Hunting for JWT authentication vulnerabilities
π£ Exploiting JWT unverified signature
π Cracking JWT secret keys
π« Bypass JWT removing signature
π Exploit jku header injection
π§ Exploit KID in JSON web tokens
π Attacking 0Auth 2.0
π Introduction to OWASP TOP 10 API
βοΈ Hunting and exploiting XXS in API
π΅οΈ Testing for the ReDOS attack in the API web application
π₯ Exploiting XML vulnerabilities
π§ WordPress XML-RPC attack
π Exploiting WSDL/SOAP to RFI
π€ API Automated Vulnerability scanning
π Testing SQL/NoSQL Injection in an API
π Exploiting object-level access control
π§ Exploiting Function level access control
π‘ Testing in-band SSRF vulnerabilities in an API
π Testing out-band SSRF vulnerabilities in an API
βοΈ Testing OS Command Injection
β Exploiting Java deserialization vulnerabilities
ποΈ Testing for improper assets management
π¦ Testing for Mass assignment vulnerabilities
π§ Bypass filter, space, and blacklisted characters
π Bypass Captcha and MFA
π Remediations and Reporting
π Register here: https://forms.gle/bowpX9TGEs41GDG99
π¬ WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
π§ Email: info@ignitetechnologies.in
Hurry up, get enrolled yourself with Ignite Technologiesβ fully exclusive Training Program "API Penetration Testing Training."
βοΈ Table of Content
π Course Introduction
π How API works with Web application
βοΈ Types of APIs and their advantages/disadvantages
π Analysing HTTP request and response headers
π‘οΈ API Hacking methodologies
π Enumerate web pages and analyse functionalities
π΅οΈ API passive reconnaissance Strategies
π API active reconnaissance (Kite runner)
π§ Introduction to POSTMAN
π Testing for Excessive data exposure
π Directory indexing / brute force
π Password mutation
π― Password spray attacks against web application
π‘οΈ Introduction to JSON Web Token
π΅οΈ Hunting for JWT authentication vulnerabilities
π£ Exploiting JWT unverified signature
π Cracking JWT secret keys
π« Bypass JWT removing signature
π Exploit jku header injection
π§ Exploit KID in JSON web tokens
π Attacking 0Auth 2.0
π Introduction to OWASP TOP 10 API
βοΈ Hunting and exploiting XXS in API
π΅οΈ Testing for the ReDOS attack in the API web application
π₯ Exploiting XML vulnerabilities
π§ WordPress XML-RPC attack
π Exploiting WSDL/SOAP to RFI
π€ API Automated Vulnerability scanning
π Testing SQL/NoSQL Injection in an API
π Exploiting object-level access control
π§ Exploiting Function level access control
π‘ Testing in-band SSRF vulnerabilities in an API
π Testing out-band SSRF vulnerabilities in an API
βοΈ Testing OS Command Injection
β Exploiting Java deserialization vulnerabilities
ποΈ Testing for improper assets management
π¦ Testing for Mass assignment vulnerabilities
π§ Bypass filter, space, and blacklisted characters
π Bypass Captcha and MFA
π Remediations and Reporting
β€1
π¨ Upcoming Webinar Alert β Advance Your Cybersecurity Career! π‘
Are you ready to take the next step in your cybersecurity journey?
Join us for an exclusive CISSP Webinar where industry experts will guide you through:
β What it takes to become CISSP certified
β Key domains of the (ISC)Β² Common Body of Knowledge (CBK)
β Proven strategies to pass the CISSP exam
β Career opportunities unlocked by CISSP certification
π Date: 21 June 2025
π Time: 06:00 PM - 07:30 PM IST
β³ Duration: 90 Mins (60 min walkthrough + 30 min Q&A)
π Location: Online
Whether you're preparing for the CISSP exam or simply exploring the certification, this session will provide valuable insights and practical advice.
π‘ Donβt miss the chance to ask your questions live!
π Join Us on WhatsApp to get the webinar link: https://chat.whatsapp.com/Da2fPnvXrGt5SvC6rpEtwm
Are you ready to take the next step in your cybersecurity journey?
Join us for an exclusive CISSP Webinar where industry experts will guide you through:
β What it takes to become CISSP certified
β Key domains of the (ISC)Β² Common Body of Knowledge (CBK)
β Proven strategies to pass the CISSP exam
β Career opportunities unlocked by CISSP certification
π Date: 21 June 2025
π Time: 06:00 PM - 07:30 PM IST
β³ Duration: 90 Mins (60 min walkthrough + 30 min Q&A)
π Location: Online
Whether you're preparing for the CISSP exam or simply exploring the certification, this session will provide valuable insights and practical advice.
π‘ Donβt miss the chance to ask your questions live!
π Join Us on WhatsApp to get the webinar link: https://chat.whatsapp.com/Da2fPnvXrGt5SvC6rpEtwm
π Active Directory Exploitation Training (Online) β Register Now! π
π Register here: https://forms.gle/bowpX9TGEs41GDG99
π¬ WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
π§ Email: info@ignitetechnologies.in
Limited slots available! Hurry up to secure your spot in this exclusive training program offered by Ignite Technologies.
βοΈ Comprehensive Table of Contents:
π Initial Active Directory Exploitation
π Active Directory Post-Enumeration
π Abusing Kerberos
π§° Advanced Credential Dumping Attacks
π Privilege Escalation Techniques
π Persistence Methods
π Lateral Movement Strategies
π‘ DACL Abuse (New)
π΄ ADCS Attacks (New)
π Saphire and Diamond Ticket Attacks (New)
π Bonus Sessions
π Register here: https://forms.gle/bowpX9TGEs41GDG99
π¬ WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
π§ Email: info@ignitetechnologies.in
Limited slots available! Hurry up to secure your spot in this exclusive training program offered by Ignite Technologies.
βοΈ Comprehensive Table of Contents:
π Initial Active Directory Exploitation
π Active Directory Post-Enumeration
π Abusing Kerberos
π§° Advanced Credential Dumping Attacks
π Privilege Escalation Techniques
π Persistence Methods
π Lateral Movement Strategies
π‘ DACL Abuse (New)
π΄ ADCS Attacks (New)
π Saphire and Diamond Ticket Attacks (New)
π Bonus Sessions
β€2
ICMP Status Code
π΄β«Full HD: https://github.com/Ignitetechnologies/Mindmap/blob/main/ICMP/ICMP%20Status%20Code%20HD.png
π΄β«Full HD: https://github.com/Ignitetechnologies/Mindmap/blob/main/ICMP/ICMP%20Status%20Code%20HD.png
John the Ripper- Converter
π΄β«Full HD: https://github.com/Ignitetechnologies/Mindmap/blob/main/John/John%20The%20Ripper%20Converter%20HD.png
π΄β«Full HD: https://github.com/Ignitetechnologies/Mindmap/blob/main/John/John%20The%20Ripper%20Converter%20HD.png