Blog

Latest Infosec News and Articles Retrieve LAPS password from the LDAP  https://github.com/swisskyrepo/SharpLAPS http-request-smuggling: HTTP Request Smuggling Detection Tool  https://securityonline.info/http-request-smuggling-detection/ Reverse Engineering Clubhouse: My Observations https://www.klmlabs.co/blog/club-house-observations-th5x8 Offensive Windows IPC Internals 2: RPC https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html Domain Password

Latest Infosec News and Articles Red Team Tactics: Utilizing Syscalls in C# - Prerequisite Knowledge https://jhalon.github.io/utilizing-syscalls-in-csharp-1/ Security Basics: XSS Explained https://medium.com/swlh/security-basics-xss-explained-3ade8071aaa1 How To Attack Kerberos 101 https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html Testing and exploiting Java Deserialization in

Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 2 https://lkmidas.github.io/posts/20210128-linux-kernel-pwn-part-2/ Sudo Exploit Writeup  https://www.kalmarunionen.dk/writeups/sudo/ A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you

Latest Infosec News and Articles Learning Linux Kernel Exploitation - Part 1 https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/#Pentesting laravel debug rce CVE-2021-3129 https://github.com/SNCKER/CVE-2021-3129 How To Attack Kerberos 101 https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html A list of cyber-chef recipes and curated links https://github.com/mattnotmax/cyberchef-recipes Windows

Latest Infosec News and Articles  Weblogic Remote Code Execution Exploiting CVE-2019-2725  https://blog.cybercastle.io/weblogic-remote-code-execution-exploiting-cve-2019-2725/ Microsoft Teams and Skype Logging Privacy Issue  https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/microsoft-teams-and-skype-logging-privacy-issue/ Bypassing and exploiting Bucket Upload Policies and Signed URLs  https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/  Pentesting the ELK

Latest Infosec News and Articles Win32k System Call Filtering Deep Dive https://improsec.com/tech-blog/win32k-system-call-filtering-deep-dive Bypassing Windows protection mechanisms & Playing with OffensiveNim https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/ SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos

Latest Infosec News and Articles Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR  https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/ Building a custom Mimikatz binary https://s3cur3th1ssh1t.github.io/Building-a-custom-Mimikatz-binary/ Code Injection: Windows Taskbar https://x0r19x91.gitlab.io/post/code-injection-mstasklist/ Userland API Monitoring and

Latest Infosec News and Articles Analyzing Cobalt Strike for Fun and Profit https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/ Sub404: A Fast Tool To Check Subdomain Takeover Vulnerability https://securityonline.info/sub404-check-subdomain-takeover-vulnerability/ MouseJack: From Mouse to Shell – Part 1 https://www.wilbursecurity.com/2019/03/mousejack-from-mouse-to-shell-part-1/  CVE-2020-35489:

Latest Infosec News and Articles Finding Hidden Files and Folders on IIS using BigQuery  https://blog.assetnote.io/2020/09/18/finding-hidden-files-folders-iis-bigquery/  WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack  https://securityaffairs.co/wordpress/112218/hacking/easy-wp-smtp-wordpress-plugin-flaw.html  Buffer Overflows