Paolo Caminati (@caminatipaolo) 's Twitter Profile
Paolo Caminati

@caminatipaolo

OSEP | OSWE | OSCP | CRTO | eCPPT | eWPT

ID: 1160894634563973121

12-08-2019 12:43:44

128 Tweet

37 Followers

328 Following

Cas van Cooten (@chvancooten) 's Twitter Profile Photo

You know what time it is? ⏰It's Active Directory o'clock! I updated my AD Exploitation Cheat Sheet based on (among others) techniques discussed in the CRTO course. New: DPAPI & GPO Abuse Improved: LAPS, AppLocker/CLM, PowerView/Rubeus refs, many more 👇 casvancooten.com/posts/2020/11/…

Youstin (@iustinbb) 's Twitter Profile Photo

I just posted a short write-up on a 2FA bypass I found. This was caused by a misconfigured OpenID implementation. youst.in/posts/bypassin…

Harsh Bothra (@harshbothra_) 's Twitter Profile Photo

I recently published a blog on "Attacking Social Logins: Pre-Authentication Account Takeover" Blog Link: hbothra22.medium.com/attacking-soci… I hope you will find it useful. #appsec #infosec #webappsec #bugbountytips #Pentesting

Jean Marsault (@iansus) 's Twitter Profile Photo

▶ Microsoft #ADCS - Abusing #PKI in Active Directory environment ◀ I've been bragging about it for months, this is the result of many weeks of work on lesser known compromise paths for #pentest by using enterprise PKI. Feedback is highly appreciated! riskinsight-wavestone.com/en/2021/06/mic…

James Kettle (@albinowax) 's Twitter Profile Photo

When you find response header injection, you can probably do better than mere XSS or open-redir. Try injecting a short Content-Length header to cause a reverse desync and exploit random live users.

David das Neves (@david_das_neves) 's Twitter Profile Photo

[Guide] AzureHound Cypher Cheatsheet hausec.com/2020/11/23/azu… [Repo] AzureHound github.com/BloodHoundAD/A… Docu: bloodhound.readthedocs.io/en/latest/data… #PowerShell #MicrosoftAzure #BlueTeaming

Orange Tsai  🍊 (@orange_8361) 's Twitter Profile Photo

A New Attack Surface on Microsoft Exchange! The series covers most of my Black Hat USA and DEFCON talks (with slides and video inside). More articles and vulnerabilities are coming soon! blog.orange.tw/2021/08/proxyl…

Norbert Tihanyi, PhD (@tihanyinorbert) 's Twitter Profile Photo

NEW fully undetectable AMSI bypass script based on Matt Graeber 'amsiInitFailed' script. After one year my "old" AMSI bypass script is now detected by 9 AV. So here is the new fully undetectable script: kmkz

Grzegorz Tworek (@0gtweet) 's Twitter Profile Photo

When attackers use BitLocker to encrypt your drives (sic!), digging through the ntds.dit file and looking for recovery keys may be the best option. And it’s exactly why I created such script. ExtractFVEPasswordsFromNTDS.ps1 Enjoy :) github.com/gtworek/PSBits…

Bobby Cooke (@0xboku) 's Twitter Profile Photo

Zero to Hero guide for Azure Device Code Phishing for Red Team engagements! Covers everything from creating a malicious Azure phishing infrastructure to achieving Azure Account Take-Over! Secrets to open OWA via Substrate! Credits: Steve Borosh Dr. Nestori Syynimaa 0xboku.com/2021/07/12/Art…

Brute Logic (@brutelogic) 's Twitter Profile Photo

#SSRF Payloads for LFR/LFD file:/etc/passwd%3F/ file:/etc%252Fpasswd/ file:/etc%252Fpasswd%3F/ file:///etc/%3F/../passwd file:${br}/et${u}c%252Fpas${te}swd%3F/ file:$(br)/et$(u)c%252Fpas$(te)swd%3F/ SSRF POLYGLOT file:///etc/passwd?/../passwd rodoassis.medium.com/on-ssrf-server…

Emad Shanab - أبو عبد الله (@alra3ees) 's Twitter Profile Photo

Advanced SQL Injection Cheatsheet. This repository contains an advanced methodology of all types of SQL Injection. github.com/kleiton0x00/Ad…

Paolo Stagno (VoidSec) (@void_sec) 's Twitter Profile Photo

After a lot of effort, I thought to share my browser exploitation journey of an old Firefox Integer Overflow bug: voidsec.com/browser-exploi… Please, be clement as it's my 2nd time tackling browser exploitation and report back any messy explanation or if I missed some important bits.

Sonar (@sonarsource) 's Twitter Profile Photo

Our security researchers discovered a technique that allows attackers to disclose sensitive information from Python applications using the popular Django framework. Learn more in our technical analysis: blog.sonarsource.com/disclosing-inf…

Paolo Stagno (VoidSec) (@void_sec) 's Twitter Profile Photo

My write-up for the Blue Frost Security Windows Exploitation Challenge released during Ekoparty: voidsec.com/windows-exploi… Thanks Blue Frost Security for the challenge, I've enjoyed it very much

Riccardo (@dottor_morte) 's Twitter Profile Photo

Me and Her0 did a fair bit of research against one of the leading EDRs in the sector. This first post will hopefully be the start of a long saga, documenting all of our findings. This first part was dated back in 2020: riccardoancarani.github.io/2023-08-03-att…

Riccardo (@dottor_morte) 's Twitter Profile Photo

It's a bittersweet moment, but our series of "Attacking an EDR" has come to an end! Me and Her0 hope that you had as much fun reading it as we had writing it. riccardoancarani.github.io/2023-11-07-att…