GitHub - paranoidninja/CarbonCopy: A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
https://github.com/paranoidninja/CarbonCopy
https://github.com/paranoidninja/CarbonCopy
GitHub
GitHub - paranoidninja/CarbonCopy: A tool which creates a spoofed certificate of any online website and signs an Executable for…
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux - paranoidninja/CarbonCopy
GitHub - trustedsec/social-engineer-toolkit: The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
https://github.com/TrustedSec/social-engineer-toolkit
https://github.com/TrustedSec/social-engineer-toolkit
GitHub
GitHub - trustedsec/social-engineer-toolkit: The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of…
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here. - trustedsec/social-engineer-toolkit
Data Exfiltration | Azeria Labs
https://azeria-labs.com/data-exfiltration/
https://azeria-labs.com/data-exfiltration/
Azeria-Labs
Data Exfiltration
Zero Day Initiative — CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability
https://www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability
https://www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability
Zero Day Initiative
Zero Day Initiative — CVE-2019-0604: Details of a Microsoft SharePoint RCE Vulnerability
Last month, Microsoft released patches to address two remote code execution (RCE) vulnerabilities in SharePoint. In both Critical-rated cases, an attacker could send a specially crafted request to execute their code in the context of the SharePoint application…
Windows Privilege Escalation Guide
http://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
http://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Absolomb
Windows Privilege Escalation Guide
Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can…
UPDATE: AutoSploit 3.0 - The New Year's edition - PenTestIT
http://pentestit.com/update-autosploit-3-0-the-new-years-edition/amp/?__twitter_impression=true
http://pentestit.com/update-autosploit-3-0-the-new-years-edition/amp/?__twitter_impression=true
PenTestIT
UPDATE: AutoSploit 3.0 - The New Year's edition - PenTestIT
I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and it’s subsequent update to AutoSploit 2.2. Recently, AutoSploit 3.0 was released. This post tries to describe the changes between the last release and the newest…
GitHub - SecureThisShit/WinPwn: Automation for internal Windows Penetrationtest / AD-Security - Still much work to do
https://github.com/SecureThisShit/WinPwn
https://github.com/SecureThisShit/WinPwn
GitHub
GitHub - S3cur3Th1sSh1t/WinPwn: Automation for internal Windows Penetrationtest / AD-Security
Automation for internal Windows Penetrationtest / AD-Security - S3cur3Th1sSh1t/WinPwn
Writing a Custom Shellcode Encoder – syscall59 – Medium
https://medium.com/syscall59/writing-a-custom-shellcode-encoder-31816e767611
https://medium.com/syscall59/writing-a-custom-shellcode-encoder-31816e767611
Medium
Writing a Custom Shellcode Encoder
An example of how to write a custom encoder and decoder in plain assembly.
An extensive step by step reverse engineering of a Linux CTF binary
http://blog.kartone.ninja/2019/03/25/when-a-reverse-me-ctf-binary-makes-you-loose-that-job/
http://blog.kartone.ninja/2019/03/25/when-a-reverse-me-ctf-binary-makes-you-loose-that-job/
Kartone Infosec Blog
An extensive step by step reverse engineering of a Linux CTF binary
...or in other words, when failing to reverse a CTF binary makes you loose a job
A mimikatz update to start the week... introducing very experimental ARM64 support 🥳 for Windows 10 (1803), with a tons of bugfixes and two or three little things for pleasure
https://t.co/Wzb5GAfWfd
Yes, it still support Windows XP 😉
https://t.co/Wzb5GAfWfd
Yes, it still support Windows XP 😉
GitHub
Releases · gentilkiwi/mimikatz
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
Compilation of recon workflows · Pentester Land
https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html
https://pentester.land/cheatsheets/2019/03/25/compilation-of-recon-workflows.html
Pentester Land
Compilation of recon workflows
Hi, this is a compilation of recon workflows found online. Use it as inspiration for creating your own Web pentest / bug bounty recon workflow.
These are all the ones that I could find. So if yours is missing and you want to see it featured above too, please…
These are all the ones that I could find. So if yours is missing and you want to see it featured above too, please…
Automating Discovery and Exploiting DOM (Client) XSS Vulnerabilities using Sboxr — Part 1
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1
https://blog.appsecco.com/automating-discovery-and-exploiting-dom-client-xss-vulnerabilities-using-sboxr-part-1-2e55c120c9e1
Medium
Automating Discovery and Exploiting DOM (Client) XSS Vulnerabilities using Sboxr — Part 1
This series of blogposts show how you can identify DOM XSS issues using Sboxr on Single Page or JavaScript rich applications. As examples…
GitHub - outflanknl/Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
https://github.com/outflanknl/Excel4-DCOM
https://github.com/outflanknl/Excel4-DCOM
GitHub
GitHub - outflanknl/Excel4-DCOM: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM…
PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe) - outflanknl/Excel4-DCOM
How to Find Subdomains (And Why You Should) – Katerina Borodina – Medium
https://www.explainhownow.com/2019/how-to-find-subdomains/
https://www.explainhownow.com/2019/how-to-find-subdomains/
GitHub - BloodHoundAD/BloodHound-Tools: Miscellaneous tools for BloodHound
https://github.com/BloodHoundAD/BloodHound-Tools
https://github.com/BloodHoundAD/BloodHound-Tools
GitHub
GitHub - BloodHoundAD/BloodHound-Tools: Miscellaneous tools for BloodHound
Miscellaneous tools for BloodHound. Contribute to BloodHoundAD/BloodHound-Tools development by creating an account on GitHub.
One-liner Safari sandbox escape exploit – 0xCC – Medium
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef
https://medium.com/0xcc/one-liner-safari-sandbox-escape-exploit-91082ddbe6ef