pentest   3418

PSExec Demystified
PSExec has a Windows Service image inside of its executable. It takes this service and deploys it to the Admin$ share on the remote machine. It then uses the DCE/RPC interface over SMB to access the Windows Service Control Manager API. It turns on the PSExec service on the remote machine. The PSExec service then creates a named pipe that can be used to send commands to the system.
psexec  cybersecurity  microsoft  smb  pentest  metasploit 
11 hours ago by bwiese
Top 32 Nmap Command Examples For Linux Sys/Network Admins - nixCraft
Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, the nmap command comes with lots of options that can make the utility more robust but difficult to follow for new users. The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network in order to find the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes. Let us see some common nmap command examples.
linux  networking  pentest 
19 hours ago by jchris
4 open-source Mitre ATT&CK test tools compared | CSO Online
Examines four of the open-source tools: Endgame's Red Team Automation (RTA), Mitre's Caldera, Red Canary's Atomic Red, and Uber's Metta.
mitre  attack  pentest  redcanary 
yesterday by bwiese
How to prevent bypassing AppLocker using Alternate Data Streams – Gunnar Haslinger
So, what's the trick to bypass AppLocker? We copy the contents of an executable to an Alternate Data Stream of the logs directory. To be clear: not to a file in the logs directory, but to an ADS of the logs directory itself! The copy job is done using the "type" command and redirecting the output to an ADS. An ADS can be executed in various ways; one way would be to use wmic to create a new process, but there are other ways too.
pentest  security  windows  postexploitation  whitelist-evasion 
yesterday by whip_lash
Web Application Penetration Testing Cheat Sheet |
This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level.
webdev  infosec  cheatsheet  pentest  programming  web  security  testing 
yesterday by mdciotti
bohops on Twitter: "Is Explorer.exe the ultimate #lolbin? explorer.exe [exe/hta/scr/...etc] *Invokes child processes when called (after a lookup of the default program handler) *Hides from the default filter in AutoRuns *Just might be doing a little m
Is Explorer.exe the ultimate #lolbin?

explorer.exe [exe/hta/scr/...etc]

*Invokes child processes when called (after a lookup of the default program handler)
*Hides from the default filter in AutoRuns
*Just might be doing a little more on a workstation in your network#DFIR

— bohops (@bohops) April 19, 2018
Twitter  pentest  security  windows  postexploitation  whitelist-evasion 
yesterday by whip_lash
GitHub - api0cradle/LOLBAS: Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
A good documentation on all the different #LOLBins and #LOLScripts would be nice? Right?

Good thing I have started then. Still have a lot of notes to add, but I feel this is a good start. Would love community feedback and contributions.

Is this useful?

— Oddvar Moe [MVP] (@Oddvarmoe) April 19, 2018
Twitter  pentest  security  livingofftheland  whitelist-evasion  postexploitation  windows 
2 days ago by whip_lash
A Detailed Guide on OSCP Preparation - From Newbie to OSCP - Checkmate
OSCP is not about clearing the exam. It’s all about working deeply on labs.

In General,

It’s not about the destination. It’s all about the journey.

So, it is recommended to take a 2- or 3-month lab. A 1-month lab will never be enough for learning. If you have enough time to work dedicatedly on weekdays, you can take 2 months. Otherwise take 3 months minimum.
oscp  pentest  certification  review  training 
2 days ago by bwiese
Finding Vulnerabilities with DISA STIG Viewer - ITGoodToKnow
The Cyber Security Evaluation Tool (CSET®) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed under the direction of the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) by cybersecurity experts and with assistance from the National Institute of Standards and Technology (NIST). This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.
pentest  tools  stig 
2 days ago by bwiese
In-Memory Evasion | Strategic Cyber LLC
In-memory Evasion is a four-part mini course on the cat-and-mouse game of memory-based detections.
cobaltstrike  filelessmalware  pentest  forensics  dfir  memory 
2 days ago by bwiese
subTee: WMIC.EXE Whitelisting Bypass - Hacking with Style, Stylesheets
So here we have it, another tool, like regsvr32.exe, that can accept a script path or URL and execute it.

Much like regsvr32, wmic is proxy aware, and works over TLS.
windows  postexploitation  pentest  whitelist-evasion 
2 days ago by whip_lash
mitmproxy - an interactive HTTPS proxy
mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols.

You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them before they reach their destination, and replay them to a client or server later on.
cli  http  mitm  proxy  tls  debug  webdev  https  pentest 
5 days ago by lidel
related tags

activedirectory  application  apt  attack  audio  audit  automation  browser  bugbounty  certification  cheat  cheats  cheatsheet  cheatsheets  checker  ciberseguridad  cli  cobaltstrike  code  commandinjection  ctf  cybersecurity  database  debug  development  devops  devsecops  dfir  dns  docker  documentation  domain  drupal  endgame  enumeration  extensions  filelessmalware  forensics  framework  github  guide  hack  hacking  harden  hardening  hashcat  hashes  helk  heroku  history  howto  http  https  infosec  internet  javascript  jira  js  jscript  kali  lab  learn  linux  livingofftheland  malware  memory  metasploit  microsoft  mindmap  mitm  mitre  netsec  network  networking  opensource  oscp  osint  outlook  owasp  passwords  penetracion  penetration.testing  penetration  pentesting  php  poc  postexploitation  powershell  privacy  privesc  privilege-escalation  programming  proxy  psexec  python  qa  rce  recon  redcanary  redeteam  redteam  reference  responder  review  ruby  sans  scanner  script  security  seguridad  server  smb  software  ssl  ssrf  stig  sysadmin  technique  test  testing  tests  threathunting  tips  tls  tool  tools  training  twitter  video  vulnerability  vulnwhisper  web  webapp  webcast  webdev  whitelist-evasion  whitepaper  wifi  windows 