RDP Man-in-the-Middle – Smile! You’re on Camera :: GoSecure
https://gosecure.net/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera/
https://gosecure.net/2018/12/19/rdp-man-in-the-middle-smile-youre-on-camera/
GoSecure
RDP Man-in-the-Middle - Smile! You're on Camera
As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.
Hidden directories and files as a source of sensitive information about web application
https://medium.com/@_bl4de/hidden-directories-and-files-as-a-source-of-sensitive-information-about-web-application-84e5c534e5ad
https://medium.com/@_bl4de/hidden-directories-and-files-as-a-source-of-sensitive-information-about-web-application-84e5c534e5ad
Exploit PHP Remotely - WAF Rule & Filter Bypass
https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/
https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/
Multiple Ways To Exploiting HTTP Authentication
https://www.hackingarticles.in/multiple-ways-to-exploiting-http-authentication/
https://www.hackingarticles.in/multiple-ways-to-exploiting-http-authentication/
Hacking Articles
Multiple Ways To Exploiting HTTP Authentication - Hacking Articles
In this article, we will learn about how to configure the password-protected Apache Web Server to restrict from online visitors without validation so that we
The Difference Between a Penetration Test and a Red Team Engagement | Daniel Miessler
https://danielmiessler.com/blog/the-difference-between-a-penetration-test-and-a-red-team-engagement/
https://danielmiessler.com/blog/the-difference-between-a-penetration-test-and-a-red-team-engagement/
Danielmiessler
The Difference Between a Penetration Test and a Red Team Engagement
One of the most frustrating things to me as a security person is having sales and marketing types confuse the different types of security assessment. Similariti
Cobaltstrike Over External C2 via Dropbox ·
https://truneski.github.io/blog/2018/11/05/cobaltstrike-over-external-c2-via-dropbox/
https://truneski.github.io/blog/2018/11/05/cobaltstrike-over-external-c2-via-dropbox/
Tampering with Windows Event Tracing: Background, Offense, and Defense
https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
Medium
Tampering with Windows Event Tracing: Background, Offense, and Defense
Event Tracing for Windows (ETW) is the mechanism Windows uses to trace and log system events. Attackers often clear event logs to cover…
The Practical Guide to Hacking Bluetooth Low Energy
https://blog.attify.com/the-practical-guide-to-hacking-bluetooth-low-energy/
https://blog.attify.com/the-practical-guide-to-hacking-bluetooth-low-energy/
Attify Blog - IoT Security, Pentesting and Exploitation
The Practical Guide to Hacking Bluetooth Low Energy
Learn about various BLE vulnerabilities and the tools and techniques employed for performing attacks on Bluetooth Low Energy devices.
GitHub - ANSSI-FR/ORADAD: Outil de récupération automatique des données de l'Active Directory / Automated tool for dumping Active Directory data
https://github.com/ANSSI-FR/ORADAD
https://github.com/ANSSI-FR/ORADAD
GitHub
GitHub - ANSSI-FR/ORADAD: Outil de récupération automatique des données de l'Active Directory / Automated tool for dumping Active…
Outil de récupération automatique des données de l'Active Directory / Automated tool for dumping Active Directory data - ANSSI-FR/ORADAD
Red Teaming Mind Map from The Hacker Playbook 3 – Marco Lancini
https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
Marco Lancini's Blog
Red Teaming Mind Map from The Hacker Playbook 3 | Marco Lancini's Blog
A high-level mind map to summarize all the techniques/tools covered by Peter Kim’s book.
SMB hash hijacking & user tracking in MS Outlook
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/smb-hash-hijacking-and-user-tracking-in-ms-outlook/
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/smb-hash-hijacking-and-user-tracking-in-ms-outlook/
Alternative methods of becoming SYSTEM
https://blog.xpnsec.com/becoming-system/
https://blog.xpnsec.com/becoming-system/
XPN InfoSec Blog
@_xpn_ - Alternative methods of becoming SYSTEM
For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever have wondered just how this works behind the scenes? In this post I will show the details of how this technique works…
Reflected XSS on ws-na.amazon-adsystem.com(Amazon) – newp_th – Medium
https://medium.com/@newp_th/reflected-xss-on-ws-na-amazon-adsystem-com-amazon-f1e55f1d24cf
https://medium.com/@newp_th/reflected-xss-on-ws-na-amazon-adsystem-com-amazon-f1e55f1d24cf
Medium
Reflected XSS on ws-na.amazon-adsystem.com(Amazon)
This is @newp_th.This issue is very similar to my previous report on Reflected XSS on Stack Overflow.
Advanced Threat Tactics – Course and Notes | Strategic Cyber LLC
https://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/
https://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/