Hey all, I’m back in the pocket after doing the deep dive into hack the box. I really enjoyed the bulk of the challenges and learned some new great tricks and techniques. One box I highly rec…

Bypassing CloudFlare's WAF to exploit an OGNL injection vulnerability in a red team engagement while avoiding detection.

NTLM is still actively exploited. Follow each step in this Vigilance MDR analysis of a real-world attack and learn how to prevent it on your network.

Continuing from our previous blog Basics of AWS S3 Bucket Penetration Testing and once you have configured the AWS CLI setup we will move to exploit the AWS S3 bucket vulnerabilities. AWS S3 Common Vulnerabilities: Unauthenticated Bucket Access: S3 bucket…

A few months ago I came across a curious design pattern on Google Scholar. Multiple screens of the web application were fetched and rendered using a combination of location.hash parameters and XHR to retrieve the supposed templating snippets from a relative…

Rsync is a tool for intelligently syncing local and remote directories. In this article we will explore the basic usage of this utility to copy files from di…

Netsweeper provides real-time content monitoring and reporting for early intervention. One of our researchers had recently managed to perform remote code execution on Netsweeper’s content monitoring platform which may pose a risk to firms and industries utilizing…

Background

I got lots of message for Microsoft POC on Instagram and whatsapp also So i think write a blog for it.

Over the last few years, tools such as RottenPotato, RottenPotatoNG or Juicy Potato have made the exploitation of impersonation privileges on Windows very popular among the offensive security community. Though, recent changes to the operating system have…

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

PowerShell scripts for communicating with a remote host. - ivan-sincek/powershell-reverse-tcp

I’ve had several customers come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’…

PHPFuck: ([+.^]) / Using only 7 different characters to write and execute php. - GitHub - splitline/PHPFuck: PHPFuck: ([+.^]) / Using only 7 different characters to write and execute php.

Hey all, This post is about leveraging COM hijacking for lateral movement. I’m going to stay away from deep-diving COM internals as hijacking is not a new topic and has been explored by peopl…

Loads any C# binary in mem, patching AMSI + ETW. . Contribute to Flangvik/NetLoader development by creating an account on GitHub.