TL;DR: You can achieve DDE execution with Excel SpreadSheets embedded within OneNote. This bypasses the original Excel mitigation ruleset…

Halcyon IDE, An IDE for Nmap Script Development, Nmap Script Engine, NSE, Integrated Development Environment, Nmap, Network Mapping, Network Security, Port scanning, Script Development, IDE

Perform advanced MiTM attacks on websites with ease.

On the 19th of October, 2017, the world of IoT shuddered, facing a new enemy – a huge botnet that would be later called Reaper. Reaper is grim and is by far grimmer than the notorious Mirai botnet. According to the data provided by 360 Netlab, it has already…

Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can…

¯\_(ツ)_/¯

I have been keeping this journal for 7 years now and I guess this is a reason to add some  interesting stuff (lately I have been busy in the compiler world on various architectures and different de…

Top 7 Nmap NSE Scripts Recon,nmap nse,nmap tutorial,nmap scan,nmap download,advance nmap tutorial,nmap script nse,zmap nmap tutorial

Contribute to k0keoyo/kDriver-Fuzzer development by creating an account on GitHub.

Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe". - L3cr0f/DccwBypassUAC

Perform advanced MiTM attacks on websites with ease 💉 - samdenty/injectify

Stealing CSRF tokens with CSS injection (without iFrames) - dxa4481/cssInjection

Catching a reverse shell over netcat is great…until you accidentally Ctrl-C and lose it. These techniques let you upgrade your shell to a proper TTY

   Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials.

In your red teaming or pentesting activities escalating to  SYSTEM on a Windows box is always the desired objective. The SYSTEM user is a special operating system user with the highest privilege, m…

sleepya has realised a new security note Windows MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution

Kerberos Domain Username Enumeration Over recent years enumerating valid operating system level user names from up-to-date and well-maintained Windows environments, even from an internal test persp…

Pentest Handy Tips and Tricks.

This post is about exploiting BLE 4.0 communication. Learn how to conduct reverse engineering of BLE 4.0 communications and exploit it.