Search Results for: password

Initial Compromise

Dale Hobbs, External/Internal, How-To, Informational, Password Spray, Red Team, Red Team Tools Active Directory Enumeration, Authentication Testing, Blue Team Defense, CrackMapExec Alternative, Credential Spraying, Lateral Movement, Netexec, Network Discovery, NTLM Authentication, Pass-the-Hash (PTH), Pass-the-Ticket (PTT), SMB Enumeration

Getting Started with NetExec: Streamlining Network Discovery and Access

One tool that I can’t live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

Read the entire post here

Chris Sullo', General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

How to Use Dirsearch

Dirsearch is an open-source multi-threaded “web path discovery” tool first released in 2014. The program, written in Python, is similar to other tools such as Dirbuster or Gobuster, and aims to quickly find hidden content on web sites.

Read the entire post here

Informational, John Malone, Red Team, Social Engineering initial access, phishing, Vishing

How to Design and Execute Effective Social Engineering Attacks by Phone

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.

Read the entire post here

Informational, Red Team, Red Team Tools Active Directory, Constrained Delegation, Hunter Wade, Kerberos, S4U2Self

Abusing S4U2Self for Active Directory Pivoting

TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!

Read the entire post here

Free Cybersecurity Tools

Read the entire post here

Blue Team Tools, Bronwen Aker, General InfoSec Tips & Tricks, Informational Copilot, Cyber Deception, LLM

Caging Copilot: Lessons Learned in LLM Security

For those of us in cybersecurity, there are a lot of unanswered questions and associated concerns about integrating AI into these various products. No small part of our worries has to do with the fact that this is new technology, and new tech always brings with it new security issues, especially technology that is evolving as quickly as AI.

Read the entire post here

How-To, Michael Allen, Webcast Wrap-Up Adversary-in-the-Middle, MFA, Multi-Factor Authentication

How to Test Adversary-in-the-Middle Without Hacking Tools

In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Jack Hyland, Web App cross-site scripting, xsscanary

Canary in the Code: Alert()-ing on XSS Exploits

I’ve been a web application pentester for a while now and over the years must have found hundreds of cross-site scripting (XSS) vulnerabilities.1 Cross-site scripting is a notoriously difficult problem […]

Read the entire post here

«‹ 5 6 7 8 ›»