Scenario You have recovered Domain User credentials for a domain but have  no privileged or interactive access to any targets i.e. no Domain Admin account or any account that is capable of establis…

A blog about information security, hacking, and protecting digital infrastructure. Penetration testing, malware analysis, and intrusion detection.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. - trimstray/the-book-of-secret-knowledge

Pwn2Own is a heck of an amazing contest. Not only because of all the media and vibe that goes with it, but because of the caliber of skills that we see demonstrated. It’s also quite fascinating to see new people burst onto the scene with mad skills. Additionally…

As the pace of life accelerates, we spend less time waiting or in downtime.  Kubernetes offers something similar for our life with technology. It is a container orchestration platform that offers an easy, automated way...

In August 2019 Microsoft announced it had patched a collection of RDP bugs, two of which were wormable. The wormable bugs, CVE-2019-1181 & CVE-2019-1182 affect every OS from Windows 7 to Windows 10. There is some confusion about which CVE is which, though…

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. - toniblyx/my-arsenal-of-aws-security-tools

Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.

How To Create a Private Online Identity with An Anonymous Email Address and a Virtual Phone.

So you guys must be aware of CSRF attack, if not then here is a short intro:

Open-Source Phishing Toolkit. Contribute to gophish/gophish development by creating an account on GitHub.

Every Windows computer that joins a domain has a computer account. Similar to user accounts, computer accounts provide a means for authentic...

Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to…

Cobalt Strike 3.14 finally delivered some of the process injection flexibility I’ve long wanted to see in the product. In this post, I’d like to write about my thoughts on process injection, and sh…

This script is intended to automate your reconnaissance process in an organized fashion - nahamsec/lazyrecon

In this excerpt of a Trend Micro Vulnerability Research Service report, Saran Neti and Sivathmican Sivakumaran of the Trend Micro Research Team detail a recent buffer overflow vulnerability in the Squid web proxy. A remote, unauthenticated attacker could…

ATT&CK Sub-Techniques Preview