I‘m going to share an (ab)use of a Windows feature which can result in bypassing User Group Policy (as well as a few other interesting…

weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力：CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-32...

Your syllabus for going from newbie to top hacker

Известный Android-троян сменил тактику и «заработал» десятки миллионов рублей на российских пользователях

A Workflow Engine for Offensive Security. Contribute to j3ssie/osmedeus development by creating an account on GitHub.

We engaged Doyensec to perform a security assessment of our firmware, v3.0.1 at the time of testing. During a 10 person/days project, Doyensec discovered and reported 3 vulnerabilities in our firmware. While two of the issues are considered informational…

Introduction Back in 2018, PaloAlto Unit42 publicly documented RGDoor, an IIS backdoor used by the APT34. The article highlighted some details which sparked my interest and inspired me to write...

Burp Collaborator is a network service that enables you to detect invisible vulnerabilities. These are vulnerabilities that don't: Trigger error messages. ...

Adaptive DLL hijacking / dynamic export forwarding - monoxgas/Koppeling

Estimated Reading Time: 8 minutes Summary about Cacti Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality, Cacti provides a fast poller, advanced graph templating, multiple data…

Over the last few weeks, I’ve had conversations with several individuals around mitigating lateral movement in a Windows environment. In…

In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.

Writeup and POC for CVE-2020-0753, CVE-2020-0754 and six fixed Window DOS Vulnerabilities. - afang5472/CVE-2020-0753-and-CVE-2020-0754

How to use CSV injection AKA Formula injection to embed a malicous payload into to spread sheet.

🏴‍☠️ Tools for pentesting, CTFs & wargames. - 𝚋𝚢 𝚋𝚝𝟹𝚐𝚕 - GitHub - bt3gl-labs/Pentesting-Toolkit: 🏴‍☠️ Tools for pentesting, CTFs & wargames. - 𝚋𝚢 𝚋𝚝𝟹𝚐𝚕

UAC Bypass with mmc via alpc. Contribute to DimopoulosElias/alpc-mmc-uac-bypass development by creating an account on GitHub.

When I’m on an engagement and I’m given a SOE and a domain account, I usually want to use a tool like PowerShell Empire to remotely…