Blog

Latest Infosec News and Articles Finding SSRF via HTML Injection inside a PDF file on AWS EC2  https://blog.appsecco.com/finding-ssrf-via-html-injection-inside-a-pdf-file-on-aws-ec2-214cc5ec5d90  Attacking Azure, Azure AD, and Introducing PowerZure https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a Memory Analysis For Beginners With Volatility

Latest Infosec News and Articles Memory Analysis For Beginners With Volatility Part 2  https://infosecwriteups.com/memory-analysis-for-beginners-with-volatility-coreflood-trojan-part-2-42bdb46683f2 Exploiting Windows RPC to bypass CFG mitigation: analysis of CVE-2021-26411 in-the-wild sample https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.html A repository of sysmon configuration

Latest Infosec News and Articles How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks  https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/  Detecting Network Attacks with Wireshark https://www.infosecmatter.com/detecting-network-attacks-with-wireshark/ Bypass Cloudflare bot protection using Cloudflare Workers https://github.com/jychp/cloudflare-bypass Active

Latest Infosec News and Articles Exploit to SYSTEM for CVE-2021-21551 https://github.com/waldo-irc/CVE-2021-21551 ExifTool CVE-2021-22204 - Arbitrary Code Execution https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html How to Silver Ticket Attack Active directory https://sheerazali.com/how-to-silver-ticket-attack-active-directory/ From theory to practice: analysis and PoC

Latest Infosec News and Articles OAuth 2.0 Hacking Simplified — Part 1 — Understanding Basics  https://infosecwriteups.com/oauth-2-0-hacking-simplified-part-1-understanding-basics-ad323cb4a05c?source=post_internal_links---------0---------------------------- DogWhisperer’s SharpHound Cheat Sheet https://insinuator.net/2021/05/dogwhisperers-sharphound-cheat-sheet/ Offensive Security Guide to SSH Tunnels and Proxies https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6 Misconfigured JSF ViewStates

Latest Infosec News and Articles Red Team utilities https://exploitpack.gitbook.io/exploit-pack-manual-pages/red-team-utilities Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/ Just another "Won't Fix" Windows Privilege Escalation from User to Domain

Latest Infosec News and Articles MeterPwrShell: Bypass AMSI, Bypass Firewall, Bypass UAC, And Bypass Any AVs https://securityonline.info/meterpwrshell-bypass-amsi-bypass-firewall-bypass-uac-and-bypass-any-avs/ Automating XSS using Bash  https://github.com/theinfosecguy/QuickXSS  Offensive Security Guide to SSH Tunnels and Proxies https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6 Exploit for

Latest Infosec News and Articles Windows & Active Directory Exploitation Cheat Sheet and Command Reference https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ XSS from 0! All you need to know! https://medium.com/nerd-for-tech/xss-from-0-all-you-need-to-know-9b39eb52528b Android application exploitation of a Digital Bank 

Latest Infosec News and Articles PENTESTING-BIBLE: Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY. https://github.com/iamrajivd/pentest Unofficial Guide to Mimikatz & Command Reference https://adsecurity.org/?page_id=1821 Cheatsheet: XSS that works

Latest Infosec News and Articles How I Passed OSCP with 100 points in 12 hours without Metasploit in my first attempt https://infosecwriteups.com/how-i-passed-oscp-with-100-points-in-12-hours-without-metasploit-in-my-first-attempt-dc8d03366f33?source=rss----7b722bfd1b8d---4 A tool for generating fake code signing certificates or