Nmap Cheatsheet
Nmap is a powerful open-source tool commonly used by system/network administrators and security professionals to perform network discovery, security auditing, and basic vulnerability assessment.
Red Team Tools
Netcat (nc) Cheatsheet
Netcat is a network utility tool that has earned the nickname “The Swiss Army Knife” of networking. It can be used for file transfers, chat/messaging between systems, port scanning, and much more.
Getting Started with NetExec: Streamlining Network Discovery and Access
One tool that I can’t live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.
Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot
In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.
Abusing S4U2Self for Active Directory Pivoting
TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!
Offline Memory Forensics With Volatility
Volatility is a memory forensics tool that can pull SAM hashes from a vmem file. These hashes can be used to escalate from a local user or no user to a domain user leading to further compromise.
How to Hack Wi-Fi with No Wi-Fi
In this video, John Strand and his team discuss the challenges of setting up and running wireless labs, particularly focusing on the issues faced during Wild West Hackin’ Fest events. They highlight the development of an open-source project aimed at virtualizing wireless labs, which allows learners to practice wireless hacking techniques without needing physical hardware.
Gone Phishing: Installing GoPhish and Creating a Campaign
GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign.
DLL Hijacking – A New Spin on Proxying your Shellcode
This webcast was originally published on October 4, 2024. In this video, experts delve into the intricacies of DLL hijacking and new techniques for malicious code proxying, featuring a comprehensive […]