A few months ago I came across a curious design pattern on Google Scholar. Multiple screens of the web application were fetched and rendered using a combination of location.hash parameters and XHR to retrieve the supposed templating snippets from a relative…

Rsync is a tool for intelligently syncing local and remote directories. In this article we will explore the basic usage of this utility to copy files from di…

Netsweeper provides real-time content monitoring and reporting for early intervention. One of our researchers had recently managed to perform remote code execution on Netsweeper’s content monitoring platform which may pose a risk to firms and industries utilizing…

Background

I got lots of message for Microsoft POC on Instagram and whatsapp also So i think write a blog for it.

Over the last few years, tools such as RottenPotato, RottenPotatoNG or Juicy Potato have made the exploitation of impersonation privileges on Windows very popular among the offensive security community. Though, recent changes to the operating system have…

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

PowerShell scripts for communicating with a remote host. - ivan-sincek/powershell-reverse-tcp

I’ve had several customers come to me before a pentest and say they think they’re in a good shape because their vulnerability scan shows no critical vulnerabilities and that they’…

PHPFuck: ([+.^]) / Using only 7 different characters to write and execute php. - GitHub - splitline/PHPFuck: PHPFuck: ([+.^]) / Using only 7 different characters to write and execute php.

Hey all, This post is about leveraging COM hijacking for lateral movement. I’m going to stay away from deep-diving COM internals as hijacking is not a new topic and has been explored by peopl…

Loads any C# binary in mem, patching AMSI + ETW. . Contribute to Flangvik/NetLoader development by creating an account on GitHub.

Introduction It’s been a long time since I decided to to be away from Twitter for a while for self-improvements reasons and finding…

Contribute to dozernz/cve-2020-11651 development by creating an account on GitHub.

SQL Server Reporting Services(CVE-2020-0618)中的RCE. Contribute to euphrat1ca/CVE-2020-0618 development by creating an account on GitHub.

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetN...