https://www.youtube.com/watch?v=c492-BMacZ0 The Windows Debugger, also known as Win-Dee-Bee-Gee is one, if not THE, most popular tool used by reverse engineers and exploit developers to understand how an application works. It
Blog | Ptrace Security GmbH
Blog
IT Security News Bulletin #52
Latest Infosec News and Articles Analyzing Cobalt Strike for Fun and Profit https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/ Sub404: A Fast Tool To Check Subdomain Takeover Vulnerability https://securityonline.info/sub404-check-subdomain-takeover-vulnerability/ MouseJack: From Mouse to Shell – Part 1 https://www.wilbursecurity.com/2019/03/mousejack-from-mouse-to-shell-part-1/ CVE-2020-35489:
IT Security News Bulletin #50
Latest Infosec News and Articles Finding Hidden Files and Folders on IIS using BigQuery https://blog.assetnote.io/2020/09/18/finding-hidden-files-folders-iis-bigquery/ WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack https://securityaffairs.co/wordpress/112218/hacking/easy-wp-smtp-wordpress-plugin-flaw.html Buffer Overflows
IT Security News Bulletin #49
Latest Infosec News and Articles 403Bypasser: bypass 403 restricted directory https://securityonline.info/403bypasser-bypass-403-restricted-directory/ Windows Driver Signing Enforcement bypass https://github.com/theevilbit/workshops/blob/master/DSE%20Bypass%20Workshop/dc26%20-%20Csaba%20Fitzl%20-%20DSE%20Bypass%20Workshop%20-%20Presentation.pdf Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals
IT Security News Bulletin #48
Latest Infosec News and Articles A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet a recon tool that allows searching on URLs that are exposed
IT Security News Bulletin #47
Latest Infosec News and Articles Introduction to Reverse Engineering with Ghidra: A Four Session Course https://wrongbaud.github.io/posts/ghidra-training/ A cheat sheet that contains common enumeration and attack methods for Windows Active Directory https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet ImageMagick
IT Security News Bulletin #46
Latest Infosec News and Articles Advanced MSSQL Injection Tricks https://swarm.ptsecurity.com/advanced-mssql-injection-tricks/ RCE via Server-Side Template Injection https://cyc10n3.medium.com/rce-via-server-side-template-injection-ad46f8e0c2ae XSS Scanner: detects Cross-Site Scripting vulnerabilities in website https://securityonline.info/xss-scanner/ Exploring the Exploitability of “Bad Neighbor”: The Recent
Top 5 books every pentester should read
Books are a valuable resource to improve your ethical hacking and penetration testing skills. Here is a curated list of the top 5 books every penetration tester should read. Penetration
IT Security News Bulletin #45
Latest Infosec News and Articles Powershell script for enumerating vulnerable DCOM Applications https://github.com/sud0woodo/DCOMrade Infection Monkey - An automated pentest tool https://github.com/guardicore/monkey Fuzzing for eBPF JIT bugs in the Linux kernel https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/ Attackers Exploiting
IT Security News Bulletin #44
Latest Infosec News and Articles PowerShell Commands for Pentesters https://www.infosecmatter.com/powershell-commands-for-pentesters/ Identifying & Escalating HTTP Host Header Injection attacks https://medium.com/bugbountywriteup/identifying-escalating-http-host-header-injection-attacks-7586d0ff2c67Pass-the-hash attacks with mimikatz https://stealthbits.com/blog/passing-the-hash-with-mimikatz/ paradoxiaRAT: Native Windows Remote Access Tool https://securityonline.info/paradoxiarat-native-windows-remote-access-tool/ The Memory Process