Red Team Tools

Blue Team Tools, External/Internal, InfoSec 301, Recon, Red Team, Red Team Tools attacking, cicd, Defending, devops, GitLab, gogatoz, Phil Miller

Auditing GitLab: The CI/CD Kill Chain

Welcome to GoGatoZ — a purpose-built Go tool for GitLab CI/CD security auditing that can perform and automate the entire CI/CD kill chain along with everything those one-off scripts did and then some.

Read the entire post here

Informational, InfoSec 101, Matthew Eidelberg, Red Team, Red Team Tools ANTISOC, Exploits, Infosec for Beginners, PROMPT#, Zine

How to Identify and Exploit New Vulnerabilities

In the ever-evolving world of cybersecurity, staying ahead of the curve is not just a goal—it’s a necessity. As new vulnerabilities emerge, the race to identify and mitigate them begins. But how do we, the guardians of the digital realm, rapidly pinpoint these threats as they become public? Let’s dive into the fascinating world of vulnerability identification and see how the magic happens.

Read the entire post here

Alyssa Snow, Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, How-To, Informational, Red Team, Red Team Tools Active Directory, bloodhound

A Practical Guide to BloodHound Data Collection

This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input.

Read the entire post here

Ben Bowman, Linux, Red Team, Red Team Tools

The “P” in PAM is for Persistence: Linux Persistence Technique

Learn about a pentesting tool using the Pluggable Authentication Module for privilege escalation, lateral movement, and persistence in Linux.

Read the entire post here

How-To, Informational, InfoSec 201, Phishing, Recon, Red Team, Red Team Tools Domain Categorization, DomCat, Expired Domains, William Oldert

DomCat: A Domain Categorization Tool

DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.

Read the entire post here

Informational, InfoSec 101, Red Team, Red Team Tools Cheatsheets, Infosec for Beginners, InfoSec Survival Guide

Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource

An Infosec Survival Guide Resource, released as blog posts, with fully designed, printer-friendly PDF cheatsheets.

Read the entire post here

General InfoSec Tips & Tricks, Informational, InfoSec 101, Michael Allen, Red Team Tools Cheatsheet, DNS Triage, Infosec for Beginners, InfoSec Survival Guide

DNS Triage Cheatsheet

DNS Triage is a reconnaissance tool that finds information about an organization’s infrastructure, software, and third-party services as fast as possible. The goal of DNS Triage is not to exhaustively find every technology asset that exists on the internet. The goal is to find the most commonly abused items of interest for real attackers.

Read the entire post here

Beau Bullock, General InfoSec Tips & Tricks, Informational, InfoSec 101, Kaitlyn Wimberley, Red Team Tools Cheatsheet, GraphRunner, Infosec for Beginners, InfoSec Survival Guide

GraphRunner Cheatsheet

GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, and more!

Read the entire post here

Brian King, General InfoSec Tips & Tricks, Informational, InfoSec 101, Red Team Tools Burp Suite, Cheatsheet, Infosec for Beginners, InfoSec Survival Guide

Burp Suite Cheatsheet

Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you’re likely to use.

Read the entire post here

1 2 3 4 ›»