MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.
security  mitre  dfir  pentest  reference  ttp 
6 days ago by plaxx
hfiref0x/UACME: Defeating Windows User Account Control
Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.
security  uac  bypass  windows  privilege-escalation  pentest  exploit  vulnerability 
september 2017 by plaxx
Port-knocking Backdoor | memset's blog
raw socket port knocking connect back backdoor
backdoor  linux  unix  C  opensource  how-to  pentest  malware 
august 2017 by plaxx
internetwache/GitTools: A repository with 3 tools for pwn'ing websites with .git repositories available
Able to gather files and intel from an exposed .git/ folder even if the web server has directory listing disabled.
git  extract  dump  pentest  recon 
april 2016 by plaxx
local/network privilege escalation source code
nbns  ntlm  http  wpad  proxy  pentest  privilege-escalation  windows  security  blog 
march 2016 by plaxx
SecurityInnovation/AuthMatrix - Python
AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. It differentiates itself from several authorization testing extensions in that it focuses on the pentester thoroughly defining tables of users, roles, and requests for the specific target application upfront.
burp  plugin  web  webdev  pentest  roles  security  authentication  authorization 
february 2016 by plaxx
HackStory/ at master · tfairane/HackStory
McAfee privileged SiteList.xml leads to Active Directory domain privilege escalation
antivirus  pentest  vulnerability 
february 2016 by plaxx
PowerTools/PowerUp at master · PowerShellEmpire/PowerTools
PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
windows  privilege-escalation  privileges  pentest 
january 2016 by plaxx

