Author

Beau Bullock, General InfoSec Tips & Tricks, Informational, InfoSec 101, Kaitlyn Wimberley, Red Team Tools Cheatsheet, GraphRunner, Infosec for Beginners, InfoSec Survival Guide

GraphRunner Cheatsheet

GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, and more!

Read the entire post here

Brian King, General InfoSec Tips & Tricks, Informational, InfoSec 101, Red Team Tools Burp Suite, Cheatsheet, Infosec for Beginners, InfoSec Survival Guide

Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you’re likely to use.

Read the entire post here

Ashley Knowles, Informational, InfoSec 101, Red Team Tools Cheatsheet, Impacket, Infosec for Beginners, InfoSec Survival Guide

Impacket Cheatsheet

Impacket is an extremely useful tool for post exploitation. It is a collection of Python scripts that provides low-level programmatic access to the packets and for some protocols, such as DCOM, Kerberos, SMB1, and MSRPC, the protocol implementation itself.

Read the entire post here

Chris Traynor, Informational, InfoSec 101, Red Team Tools Cheatsheet, EyeWitness, Infosec for Beginners, InfoSec Survival Guide

EyeWitness Cheatsheet

Offensive Purpose: Efficient way to gather info about web services & their hosting infrastructure. Automates taking screenshots for quick & easy review.

Read the entire post here

How-To, Informational, Physical, Recon, Sean Verity, Wireless aircrack-ng, airodump-ng

Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite

In this blog, I’m going to walk you through how to get started with airodump-ng and some of the techniques that you can use to home in on access points of interest.

Read the entire post here

Alyssa Snow, Blue Team, Blue Team Tools, External/Internal, How-To, Informational Active Directory, ADCS

Detecting ADCS Privilege Escalation

Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.

Read the entire post here

External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Terry Reece Nmap, Vulnerability Scanning

Vulnerability Scanning with Nmap

Nmap, also known as Network Mapper, is a commonly used network scanning tool. As penetration testers, Nmap is a tool we use daily that is indispensable for verifying configurations and identifying potential vulnerabilities.

Read the entire post here

Dale Hobbs, External/Internal, How-To, Informational, Password Spray, Red Team, Red Team Tools Active Directory Enumeration, Authentication Testing, Blue Team Defense, CrackMapExec Alternative, Credential Spraying, Lateral Movement, Netexec, Network Discovery, NTLM Authentication, Pass-the-Hash (PTH), Pass-the-Ticket (PTT), SMB Enumeration

Getting Started with NetExec: Streamlining Network Discovery and Access

One tool that I can’t live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

Read the entire post here

Chris Sullo', General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

How to Use Dirsearch

Dirsearch is an open-source multi-threaded “web path discovery” tool first released in 2014. The program, written in Python, is similar to other tools such as Dirbuster or Gobuster, and aims to quickly find hidden content on web sites.

Read the entire post here

«‹ 2 3 4 5 ›»