Blog

Latest Infosec News and Articles Red Team utilities https://exploitpack.gitbook.io/exploit-pack-manual-pages/red-team-utilities Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/ Just another "Won't Fix" Windows Privilege Escalation from User to Domain

Latest Infosec News and Articles MeterPwrShell: Bypass AMSI, Bypass Firewall, Bypass UAC, And Bypass Any AVs https://securityonline.info/meterpwrshell-bypass-amsi-bypass-firewall-bypass-uac-and-bypass-any-avs/ Automating XSS using Bash  https://github.com/theinfosecguy/QuickXSS  Offensive Security Guide to SSH Tunnels and Proxies https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6 Exploit for

Latest Infosec News and Articles Windows & Active Directory Exploitation Cheat Sheet and Command Reference https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ XSS from 0! All you need to know! https://medium.com/nerd-for-tech/xss-from-0-all-you-need-to-know-9b39eb52528b Android application exploitation of a Digital Bank 

Latest Infosec News and Articles PENTESTING-BIBLE: Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY. https://github.com/iamrajivd/pentest Unofficial Guide to Mimikatz & Command Reference https://adsecurity.org/?page_id=1821 Cheatsheet: XSS that works

Latest Infosec News and Articles How I Passed OSCP with 100 points in 12 hours without Metasploit in my first attempt https://infosecwriteups.com/how-i-passed-oscp-with-100-points-in-12-hours-without-metasploit-in-my-first-attempt-dc8d03366f33?source=rss----7b722bfd1b8d---4 A tool for generating fake code signing certificates or

Latest Infosec News and Articles Bug Bounty Roadmaps https://github.com/1ndianl33t/Bug-Bounty-Roadmaps  A tool for generating fake code signing certificates or signing real ones  https://github.com/Tylous/Limelighter Dumping LSASS in memory undetected using MirrorDump https://www.pentestpartners.com/security-blog/dumping-lsass-in-memory-undetected-using-mirrordump/ vulnx 🕷️ is

Latest Infosec News and Articles How APTs Use Reverse Proxies to Nmap Internal Networks  https://www.varonis.com/blog/nmap-reverse-proxies/?utm_content=158497201&utm_medium=social&utm_source=twitter&hss_channel=tw-21672993 FuzzingTool: web penetration testing tool https://securityonline.info/fuzzingtool-web-penetration-testing-tool/ RCE Exploit in BIG IP https://github.com/h4x0r-dz/RCE-Exploit-in-BIG-IP JWTweak: Detects the algorithm of input

Latest Infosec News and Articles Using Syscalls to Inject Shellcode on Windows https://www.solomonsklash.io/syscalls-for-shellcode-injection.html Implementing Direct Syscalls Using Hell’s Gate https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/ VM Detection Tricks, Part 1: Physical memory resource maps  https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/ Hacking IIS https://drive.google.com/file/d/1O0IARjqP4Pwa-ae1nAP8Nr9qb0ai2XPu/view CVE-2021-27927:

Latest Infosec News and Articles OffensivePipeline v0.8.2 releases: download, compile and obfuscate C# tools for Red Team exercises  https://securityonline.info/offensivepipeline-download-compile-and-obfuscate-c-tools-for-red-team-exercises/  Scanning APK file for URIs, endpoints & secrets. https://github.com/dwisiswant0/apkleaks CVE-2021-27927: CSRF to RCE

Latest Infosec News and Articles Evade EDR with Shellcode Injection and gain persistence using Registry Run Keys https://infosecwriteups.com/evade-avs-edr-with-shellcode-injection-159dde4dba1a Heap-based AMSI bypass for MS Excel VBA and others  https://codewhitesec.blogspot.com/2019/07/heap-based-amsi-bypass-in-vba.html VirtualBox E1000 Guest-to-Host Escape