pentest   3683

« earlier    

Singularity - A DNS Rebinding Attack Framework - KitPloit - PenTest Tools for your Security Arsenal ☣
DNS rebinding changes the IP address of an attacker controlled machine name to the IP address of a target application, bypassing the same-origin policy and thus allowing the browser to make arbitrary requests to the target application and read their responses. The Singularity DNS server is responding with short time to live (TTL) records, minimizing the time the response is cached. When the victim browses to the Singularity manager interface, the Singularity's DNS server first responds with the IP address of Singularity itself where the client-side code (payload) is hosted. When the DNS record times out, the Singularity DNS server responds with the IP address of the target host (e.g. and the victim's browser can access the target application, circumventing the browser's same-origin policy.
dns  pentest  tool 
3 days ago by whip_lash
FuzzySecurity | Windows Userland Persistence Fundamentals
This tutorial will cover several techniques that can be used to gain persistent access to Windows machines. Usually this doesn't enter into play during a pentest (with the exception of red team engagements) as there is no benefit to adding it to the scope of the project. That is not to say it is not an interesting subject, both from a defensive and offensive perspective.
persistence  windows  pentest  redteam  security 
4 days ago by whip_lash
What you really need for Pentesting by Paul Stewart - how to, learning, OSCP | Peerlyst
Working as a pentester is a very different thing to training to be one. I wanted to shed a little light on what you really need to be a competent pentester.
5 days ago by whip_lash
A collection of security related toolsets. GhostPack has 7 repositories available. Follow their code on GitHub.
c#  powershell  pentest  internal  tools  security  infosec  smb  powerup  dump 
6 days ago by plaxx
Dumping Domain Password Hashes
There are various techniques that can be used to extract this file or the information that is stored inside it however the majority of them are using one of these methods:

Domain Controller Replication Services
Native Windows Binaries
hash  activedirectory  pentest 
7 days ago by whip_lash
Bypassing CSRF tokens with Python's CGIHTTPServer | Pure Hacking
There are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp Repeater, and (cautiously) even Burp Proxy. There's also Grep-Extract and pitchfork attack type specifically for Intruder. And, you might even develop your Burp Extension to do it. Sqlmap has a --csrf-token and a --csrf-url for the same purpose, or you can just configure Burp as previously stated, and run sqlmap through Burp using --proxy.

Now, here's another way, using CGIHTTPServer from python.
bugbounty  pentest  webapp  csrf 
7 days ago by whip_lash
Wildpwn - Unix Wildcard Attack Tool - KitPloit - PenTest Tools for your Security Arsenal ☣
Wildpwn is a Python UNIX wildcard attack tool that helps you generate attacks, based on a paper by Leon Juranic. It’s considered a fairly old-skool attack vector, but it still works quite often.
unix  exploit  linux  pentest  tool 
7 days ago by whip_lash
Quickpost: Compiling EXEs and Resources with MinGW on Kali | Didier Stevens
Compile for 64-bit:

x86_64-w64-mingw32-windres demo.rc demo-resource-x64.o
x86_64-w64-mingw32-gcc -o demo-x64.exe demo-resource-x64.o demo.c
Compile for 32-bit:

i686-w64-mingw32-windres demo.rc demo-resource-x86.o
i686-w64-mingw32-gcc -o demo-x86.exe demo-resource-x86.o demo.c
mingw  c  c++  windows  kali  pentest 
7 days ago by whip_lash
Bypassing CSRF tokens with Python's CGIHTTPServer

bugbounty  pentest  infosec  from twitter_favs
9 days ago by blackthorne
Clientside Exploitation - Tricks of the Trade 0x01 - Sharpshooter + SquibblyTwo - Malware - 0x00sec - The Home of the Hacker
Today I am going to show you how to:

Create a payload that isn’t detected by Windows Defender, even with real-time protection, advanced threat protection, and AMSI
Do all of this without Cobalt Strike, and instead with Sharpshooter + Metasploit/Msfvenom*
malware  sharpshooter  payload  pentest 
9 days ago by whip_lash

« earlier    

related tags

2018  802.11  active  activedirectory  ad  adversary  aggressor  apache  api  appsec  article  att&ck  att&ck  attackers  authentication  aws  base  blog  bluecoat  blueteam  bookmarks_bar  bruteforce  bugbounty  burp  c#  c&c  c++  c  cheatsheet  cheatsheets  christopherhadnagy  cloud  cloud_computing  cobaltstrike  commandline  cracking  crawler  csrf  ctf  cyb608  cyb632  cyb633  cybersecurity  database  datascience  delicious  directory  dns  domain  dump  education  email  erlang  exploit  filesharing  filter  forensics  github  gobuster  hacking  hacks  hash  history  hootoo  humanhacker  iam  impacket  important  infosec  internal  javascript  json  kali  kerberoast  kerberos  kubernetes  learning  lfi  library  linux  mac  machine.learning  malware  memory  metasploit  mingw  netsec  network  ocsp  offense  oob  oracle  oscp  osint  passwords  patator  payload  pci  pdf  penetration.testing  pentest-tools  pentesting  persistence  phishing  planning  plugin  poc  powershell  powerup  priv-esc  privesc  privilege_escalation  privilegeescalation  pulsesecure  python  recon  reconnaissance  redteam  redteaming  reference  references  reverseshell  review  router  s3  scam  scanner  scripting  search  security  sharpshooter  shell  shellcode  smb  social-media-face-recognition  social_engineering  socialengineering  ssh  struts  sysadmin  teaching  tips  tool  tools  travel  tty  twitter  unix  user-enumeration  vishing  web  webapp  wifi  windows  wordlist  wpa  xss 

Copy this bookmark: