Red Teaming/Adversary Simulation Toolkit [√] please join our telegram channel Telegram Channel Reconnaissance Active Intelligence Gathering EyeWitness is designed to take screenshots of websites,...

Docker has become such an integral part of my worfklow recently. These examples should demonstrate how Docker can help you be a more efficient pentester

Technical overview of different way to spawn a reverse shell on a victim machine

This command-line tool is really useful for both penetration testing and forensics tasks The previous article has raised interest in readers regarding WMIC.So I decided to write an article dedicated...

Every “Script kiddie” could bypass Windows Defender in a few minutes.

The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here’s how to extract unencrypted saved private keys from the registry

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…

Extract stored credentials from Internet Explorer and Edge - HanseSecure/credgrap_ie_edge

What is Maltego and why use it for OSINT?

In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.

In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.

Finding SSRF on app hosted on AWS EC2 allows for data theft from AWS account. Capital One lost 100M+ bank records due to an issue like…

Hello friends!! Today we are discussing about the “Types of Payload in Burp Suite”. Burp Suite is an application which is used for testing Web

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute - peewpw/Invoke-PSImage

Interacting with Azure, offensively

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…

Elastic Stack is formerly known as the ELK Stack. Elk Stack is a collection of free opensource software from Elastic Company which is specially designed

In this blog I’ll show how database users commonly created for web applications can be used to escalate privileges in SQL Server when database ownership is poorly configured.

Elastic Stack is formerly known as the ELK Stack. Elk Stack is a collection of free opensource software from Elastic Company which is specially designed

Let’s take a look at some essential OSINT resources plus recent developments in the areas of data, tooling, content and community.

Elastic Stack is formerly known as the ELK Stack. Elk Stack is a collection of free opensource software from Elastic Company which is specially designed

Windows Exploit Suggester - Next Generation. Contribute to bitsadmin/wesng development by creating an account on GitHub.

How you can very easily use Remote Desktop Services to gain lateral movement through a network, using no external software — and how to…

Technical overview of different way to spawn a reverse shell on a victim machine

In the previous two articles, I gathered local user credentials and escalated to local administrator, with my next step is getting to domain admin. Since I have local admin, I’ll be using a t…

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…

There are many ways an attacker can gain Domain Admin rights in Active Directory. This post is meant to describe some of the more popular ones in current use. The techniques described here "assume...