Kerberos Domain Username Enumeration Over recent years enumerating valid operating system level user names from up-to-date and well-maintained Windows environments, even from an internal test persp…

Pentest Handy Tips and Tricks.

This post is about exploiting BLE 4.0 communication. Learn how to conduct reverse engineering of BLE 4.0 communications and exploit it.

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017…

Contribute to Execute-CSharp-From-XSLT-TEST development by creating an account on GitHub.

A blog about information security, hacking, and protecting digital infrastructure. Penetration testing, malware analysis, and intrusion detection.

On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE);…

You can configure network port forwarding in all Windows versions without using third-party tools. Using a port forwarding rule, you can redirect an incoming TCP connection (IPv4 or IPv6) from…

CVE-2018-4087 PoC. Contribute to rani-i/bluetoothdPoC development by creating an account on GitHub.

This is a common issue I’ve run across that has several catch 22’s. What is the appropriate amount of cached credentials I should be…

What is Mimikatz? Mimikatz is a Tool made in C Language by Benjamin Delpy. It is a great tool to extract plain text passwords, hashes

Unit 42 examines recent Sofacy group activities including multiple attacks to government entities.

PowerShell Remote Download Cradle Generator & Obfuscator - danielbohannon/Invoke-CradleCrafter

Exchange privilege escalations to Active Directory - gdedrouas/Exchange-AD-Privesc

MS17-010. Contribute to worawit/MS17-010 development by creating an account on GitHub.

APT & CyberCriminal Campaign Collection. Contribute to CyberMonitor/APT_CyberCriminal_Campagin_Collections development by creating an account on GitHub.

An exploration of different browser automation methods to inject JavaScript into webpages.

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.