• Credential Dumping – Active Directory Reversible Encryption.
• Introduction According to MITRE, an adversary may abuse Active Directory authentication encryption properties to gain access to credentials on Windows systems. The AllowReversiblePasswordEncryption property specifies.
• https://www.hackingarticles.in/credential-dumping-active-directory-reversible-encryption/
#AD
• Introduction According to MITRE, an adversary may abuse Active Directory authentication encryption properties to gain access to credentials on Windows systems. The AllowReversiblePasswordEncryption property specifies.
• https://www.hackingarticles.in/credential-dumping-active-directory-reversible-encryption/
#AD
👍14✍4
• https://youtu.be/P-_1cdJewAw
#СИ #Видео
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
Социальная инженерия: тенденции red team, технические аспекты kill chain и проектный опыт
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
🔥10🤯4✍3❤2👍1
Forwarded from Cybred
BRUTEPRINT_Expose_Smartphone_Fingerprint.pdf
3.4 MB
Описание работы двух зиродеев от китайцев, позволяющих брутить и митмить отпечатки пальцев на смартфонах.
👍13🔥4❤2😱2👏1
Forwarded from SecAtor
В ответ на задержание одного из своих операторов LockBit опубликовали клип группы Лесоповал с песней «Был пацан и нет пацана».
😁30🫡8👍2🤔1
Forwarded from Cybred
— Allsafe
— InsecureShop
— OWASP: OMTG-Hacking-Playground
— Damn insecure and vulnerable App (DIVA)
— Damn-Vulnerable-Bank
— InjuredAndroid
— Damn Vulnerable Hybrid Mobile App (DVHMA)
— InsecureBankv2
— sievePWN
— Dodo vulnerable bank
— Android security sandbox
— OVAA (Oversecured Vulnerable Android App)
— SecurityShepherd
— OWASP-mstg
— Purposefully Insecure and Vulnerable Android Application (PIIVA)
— VulnDroid
— FridaLab
— Vuldroid
— DamnVulnerableCryptoApp
Подборка уязвимых Android приложений, чтобы потренироваться в анализе и научиться находить баги.
— InsecureShop
— OWASP: OMTG-Hacking-Playground
— Damn insecure and vulnerable App (DIVA)
— Damn-Vulnerable-Bank
— InjuredAndroid
— Damn Vulnerable Hybrid Mobile App (DVHMA)
— InsecureBankv2
— sievePWN
— Dodo vulnerable bank
— Android security sandbox
— OVAA (Oversecured Vulnerable Android App)
— SecurityShepherd
— OWASP-mstg
— Purposefully Insecure and Vulnerable Android Application (PIIVA)
— VulnDroid
— FridaLab
— Vuldroid
— DamnVulnerableCryptoApp
Подборка уязвимых Android приложений, чтобы потренироваться в анализе и научиться находить баги.
GitHub
GitHub - t0thkr1s/allsafe-android: Intentionally vulnerable Android application.
Intentionally vulnerable Android application. Contribute to t0thkr1s/allsafe-android development by creating an account on GitHub.
👍13🔥6🥰1
• DFIR Artifact Museum.
• The DFIR Artifact Museum is a community-driven archive of DFIR-related artifacts. It was created to provide a centralized location for examples of artifacts from various operating systems.
• https://github.com/AndrewRathbun/DFIRArtifactMuseum
#DFIR
• The DFIR Artifact Museum is a community-driven archive of DFIR-related artifacts. It was created to provide a centralized location for examples of artifacts from various operating systems.
• https://github.com/AndrewRathbun/DFIRArtifactMuseum
#DFIR
GitHub
GitHub - AndrewRathbun/DFIRArtifactMuseum: The goal of this repo is to archive artifacts from all versions of various OS's and…
The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access t...
✍9🔥5
Introduction to FTP
• Uses of FTP;• Working of FTP;Penetration Testing on FTP
• Installation of FTP;• Anonymous Login;• Disable FTP_banner;• Switch Port for FTP Service;• Sniffing FTP Login credential;• Use SSL Certificate against Sniffing;• Stop FTP Brute_Force Attack with Fail2ban;• Restrict IP to Connect FTP.#ftp #пентест
Please open Telegram to view this post
VIEW IN TELEGRAM
✍18👍6❤4👨💻3🔥2
infosec
SSH penetration testing sample by HackingArticles.pdf
Introduction to SSH;
SSH Installation;
SSH Port Scanning;
Methods to Connect SSH;
• Terminal Command (Linux);• Putty (Windows);Port Redirection;
Establish SSH connection using RSA key;
Exploit SSH with Metasploit;
• SSH Key Persistence- Post Exploitation;• Stealing the SSH key;• SSH login using pubkey;SSH Password cracking.
#ssh #пентест
Please open Telegram to view this post
VIEW IN TELEGRAM
✍12⚡4👍3🆒3❤2
Forwarded from Ralf Hacker Channel (Ralf Hacker)
This media is not supported in your browser
VIEW IN TELEGRAM
Иногда нужно найти сайты/просканировать поддомены для определенного домена. Очень сильно помогает puredns.
1. Cначала запускаем dnsvalidator. Он соберёт список отвечающих NS серверов (остановить минут через 5 работы, 3-4к серверов хватит).
P.S. при сканировании с wi-fi, во время скана от сети отрубились все устройства, кроме сканирующего ноута😅
#pentest #scan #dns #soft #hacktricks
1. Cначала запускаем dnsvalidator. Он соберёт список отвечающих NS серверов (остановить минут через 5 работы, 3-4к серверов хватит).
dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 100 -o resolvers.txt2. Затем запускаем puredns. Указываем словарь с поддоменами, домен для сканирования и файл, полученный на предыдущем шаге.
puredns bruteforce dns.lst domain.com -r resolvers.txtНа сканирование словарика 9.5 млн записей уйдет примерно 4 минуты))
P.S. при сканировании с wi-fi, во время скана от сети отрубились все устройства, кроме сканирующего ноута😅
#pentest #scan #dns #soft #hacktricks
👍15😁7🔥4❤3✍2👌2
Forwarded from Cybred
— CloudFoxable
— FLAWS
— FLAWS2
— AWS Well Architected Security Labs
— CloudGoat
— OWASP ServerlessGoat
— OWASP WrongSecrets
— AWS S3 CTF Challenges
— CTF 101 worklab
— Breaking and Pwning Apps and Servers on AWS and Azure
— Thunder CTF
— Sadcloud
— Damn Vulnerable Cloud Application
— AWS Detonation Lab
— Cfngoat - Vulnerable Cloudformation Template
— CdkGoat - Vulnerable AWS CDK Infrastructure
— IAM Vulnerable
— PenTesting.Cloud
— AWSGoat - A Damn Vulnerable AWS Infrastructure
— AzureGoat - A Damn Vulnerable Azure Infrastructure
— caponeme
— TerraGoat - Vulnerable Terraform Infrastructure
— The Big IAM Challenge by Wiz
— CONVEX
— GCP Goat
— Lambhack
Уязвимые лаборатории, на которых можно поучиться находить уязвимости в облачных приложениях, развернутых в средах AWS, Azure или Google Cloud.
— FLAWS
— FLAWS2
— AWS Well Architected Security Labs
— CloudGoat
— OWASP ServerlessGoat
— OWASP WrongSecrets
— AWS S3 CTF Challenges
— CTF 101 worklab
— Breaking and Pwning Apps and Servers on AWS and Azure
— Thunder CTF
— Sadcloud
— Damn Vulnerable Cloud Application
— AWS Detonation Lab
— Cfngoat - Vulnerable Cloudformation Template
— CdkGoat - Vulnerable AWS CDK Infrastructure
— IAM Vulnerable
— PenTesting.Cloud
— AWSGoat - A Damn Vulnerable AWS Infrastructure
— AzureGoat - A Damn Vulnerable Azure Infrastructure
— caponeme
— TerraGoat - Vulnerable Terraform Infrastructure
— The Big IAM Challenge by Wiz
— CONVEX
— GCP Goat
— Lambhack
Уязвимые лаборатории, на которых можно поучиться находить уязвимости в облачных приложениях, развернутых в средах AWS, Azure или Google Cloud.
GitHub
GitHub - BishopFox/cloudfoxable: Create your own vulnerable by design AWS penetration testing playground
Create your own vulnerable by design AWS penetration testing playground - BishopFox/cloudfoxable
🔥11👍6❤3