What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-26 11:57:26 | Test de pénétration de Jenkins Jenkins Penetration Testing (lien direct) |
> Jenkins est un serveur d'automatisation open source utilisé pour l'intégration continue (CI) et la livraison continue (CD).Il est construit sur Java et utilise une plate-forme de script pour
>Jenkins is an open-source automation server used for continuous integration (CI) and continuous delivery (CD). It’s built on Java and utilizes a scripting platform for |
|||
|
2024-04-23 17:35:53 | Tests de pénétration de Tomcat Tomcat Penetration Testing (lien direct) |
> Apache Tomcat, développé par l'Apache Software Foundation, est un serveur Web et un conteneur servlet largement utilisés.À l'origine, il servait de plate-forme de démonstration pour
>Apache Tomcat, developed by the Apache Software Foundation, is a widely used web server and servlet container. Originally, it served as a demonstration platform for |
★★★ | ||
|
2024-04-23 00:38:37 | Bonjour le monde! Hello world! (lien direct) |
Bienvenue à WordPress.Ceci est votre premier commentaire.Modifiez-le ou supprimez-le, puis commencez à écrire!
Welcome to WordPress. This is your first post. Edit or delete it, then start writing! |
★ | ||
|
2024-04-22 10:18:34 | Un guide détaillé sur PWNCAT A Detailed Guide on Pwncat (lien direct) |
PWNCAT se démarque comme un outil Python open source très apprécié pour sa polyvalence, offrant une alternative contemporaine à l'utilitaire traditionnel NetCAT.Adapté au réseau
Pwncat stands out as an open-source Python tool highly regarded for its versatility, providing a contemporary alternative to the traditional netcat utility. Tailored for network |
Tool | ★★★ | |
|
2024-04-10 13:43:47 | Un guide détaillé sur RustScan A Detailed Guide on RustScan (lien direct) |
Dans le domaine de la cybersécurité, les outils de numérisation du réseau jouent un rôle vital dans la reconnaissance et l'évaluation de la vulnérabilité.Parmi la gamme d'options disponibles, RustScan a
In the realm of cybersecurity, network scanning tools play a vital role in reconnaissance and vulnerability assessment. Among the array of options available, Rustscan has |
Tool Vulnerability | ★★★ | |
|
2024-04-03 20:12:31 | Meilleure alternative de l'auditeur Netcat Best Alternative of Netcat Listener (lien direct) |
Les Pentesters comptent sur une variété d'outils pour établir des connexions et maintenir l'accès lors des évaluations de la sécurité.Un composant critique de leur boîte à outils est l'auditeur-A
Pentesters rely on a variety of tools to establish connections and maintain access during security assessments. One critical component of their toolkit is the listener-a |
Tool | ★★★ | |
|
2024-03-29 13:53:15 | Ensemble Linux 64 bits et codage de coquille 64-bit Linux Assembly and Shellcoding (lien direct) |
INTRODUCTION Les codes de shell sont des instructions de machine qui sont utilisées comme charge utile dans l'exploitation d'une vulnérabilité.Un exploit est un petit code qui cible
Introduction Shellcodes are machine instructions that are used as a payload in the exploitation of a vulnerability. An exploit is a small code that targets |
Vulnerability Threat | ★★ | |
|
2024-02-09 17:09:20 | Un guide détaillé sur Ligolo-NG A Detailed Guide on Ligolo-Ng (lien direct) |
Ce guide complet plonge dans les subtilités du mouvement latéral utilisant Ligolo-NG, un outil développé par Nicolas Chatelain.L'outil Ligolo-NG facilite la création de
This comprehensive guide delves into the intricacies of Lateral Movement utilizing Ligolo-Ng, a tool developed by Nicolas Chatelain. The Ligolo-Ng tool facilitates the establishment of |
Tool | ★★ | |
|
2024-01-22 16:34:17 | Burpsuite pour Penter: Autoriser Burpsuite for Pentester: Autorize (lien direct) |
Afin de protéger les actifs en ligne, les tests de sécurité des applications Web sont un élément essentiel de leur sauvegarde.Burp Suite a été un leader dans ce
In order to protect online assets, web application security testing is an essential element of safeguarding them. Burp Suite has been a leader in this |
★★ | ||
|
2024-01-11 14:19:03 | Moyen facile de générer une coque inversée Easy way to Generate Reverse Shell (lien direct) |
Dans cet article, nous apprendrons à obtenir un revers en quelques étapes faciles.Habituellement, le problème lorsque les commandes de shell inversé sont de
In this article, we will learn how to get a reverse in a few easy steps. Usually, the problem when reverse shell commands is to |
Technical | ★★★ | |
|
2023-10-30 09:00:59 | Burpsuite pour Penter: Logger ++ Burpsuite for Pentester: Logger++ (lien direct) |
Dans cet article, nous apprendrons un puissant outil cool d'extension de burp appelé & # 8220; burp logger ++ & # 8221;.C'est comme un super détective pour les sites Web, toujours sur
In this article, we\'ll learn about a powerful Burp Extension cool tool called “Burp Logger++”. It is like a super detective for websites, always on |
Tool | ★★ | |
|
2023-10-27 17:26:21 | Addons de Firefox pour la pentistation Firefox Addons for Pentesting (lien direct) |
Dans cet article, nous apprendrons à personnaliser le navigateur Firefox pour des tests de stylo efficaces ainsi que des extensions que vous pouvez utiliser dans le même but.
In this article, we will learn how to customise the Firefox browser for efficient pen-testing along with extensions you can use for the same purpose. |
Tool | ★★★★ | |
|
2023-09-30 09:20:35 | Python Serialization Vulnérabilités & # 8211;Cornichon Python Serialization Vulnerabilities – Pickle (lien direct) |
Introduction La sérialisation rassemble des données d'objets, les convertit en une chaîne d'octets et écrit en disque.Les données peuvent être désérialisées et l'original
Introduction Serialization gathers data from objects, converts them to a string of bytes, and writes to disk. The data can be deserialized and the original |
Vulnerability | ★★★ | |
|
2023-06-13 21:28:01 | Credential Dumping – Active Directory Reversible Encryption (lien direct) | Introduction Selon Mitre, un adversaire peut abuser des propriétés de chiffrement d'authentification Active Directory pour accéder aux informations d'identification sur les systèmes Windows.La propriété perteversiblePassWordEncryption spécifie
Introduction According to MITRE, an adversary may abuse Active Directory authentication encryption properties to gain access to credentials on Windows systems. The AllowReversiblePasswordEncryption property specifies |
★★★★ | ||
|
2023-03-25 10:18:23 | Un guide détaillé sur le ciseau [A Detailed Guide on Chisel] (lien direct) | Contexte de la transmission de port de port dans un réseau informatique, également connu sous le nom de mappage de port de la transition d'adresse du réseau (NAT), redirige une demande de communication à partir de
Background of Port forwarding Port forwarding in a computer network, also known as port mapping of network address transition (NAT), redirects a communication request from |
★★★ | ||
|
2023-03-24 12:45:57 | Blackfield Hackthebox Procédure pas à pas [Blackfield HacktheBox Walkthrough] (lien direct) | Le résumé Blackfield est une machine Windows Active Directory et est considérée comme une boîte dure par le piratage de la boîte.Cette boîte a diverses vulnérabilités intéressantes,
Summary Blackfield is a windows Active Directory machine and is considered as hard box by the hack the box. This box has various interesting vulnerabilities, |
Hack | ★★ | |
|
2023-01-16 15:39:59 | A Detailed Guide on Evil-Winrm (lien direct) | Background Evil-winrm tool is originally written by the team Hackplayers. The purpose of this tool is to make penetration testing easy as possible especially in | Tool | ★★★★ | |
|
2023-01-08 18:03:09 | A Detailed Guide on Kerbrute (lien direct) | Background Kerbrute is a tool used to enumerate valid Active directory user accounts that use Kerberos pre-authentication. Also, this tool can be used for password | Tool | ★★★★ | |
|
2022-12-31 16:15:04 | (Déjà vu) Antique HackTheBox Walkthrough (lien direct) | Summary Antique is Linux machine and is considered an easy box by the hack the box. On this box, we will begin with a basic | Hack | ★★ | |
|
2022-12-28 17:38:35 | (Déjà vu) Nunchucks HackTheBox Walkthrough (lien direct) | Summary Nunchucks is a Linux machine and is considered an easy box by the hack the box. On this box, we will begin with a | Hack | ★★ | |
|
2022-12-26 09:59:57 | (Déjà vu) Late HackTheBox Walkthrough (lien direct) | Summary Late is a Linux machine and is considered as an easy box by the hack the box. On this box, we will begin with | Hack | ★ | |
|
2022-12-24 15:17:54 | (Déjà vu) Backdoor HackTheBox Walkthrough (lien direct) | Summary Backdoor is a Linux machine and is considered an easy box the hack the box. On this box we will begin with a basic | Hack | ★★ | |
|
2022-12-21 07:54:08 | Windows Privilege Escalation: Server Operator Group (lien direct) | Background: The Windows Server operating system uses two types of security principals for authentication and authorization: user accounts and computer accounts. These accounts are created | ★★★ | ||
|
2022-12-20 09:43:45 | (Déjà vu) GoodGames HackTheBox Walkthrough (lien direct) | Summary GoodGames is a Linux machine and is considered an easy box. but it was tricky indeed. On this box, we will begin with a | ★★ | ||
|
2022-12-19 16:36:47 | Paper HackTheBox Walkthrough (lien direct) | Paper is a Linux machine and is considered an easy box the hack the box. On this box, we will begin with a basic port | Hack | ★★ | |
|
2022-12-17 20:06:19 | Pandora HackTheBox Walkthrough (lien direct) | Summary Pandora is a Linux machine and is considered an easy box by the hack the box but indeed it is not. With this box, | Hack | ★★ | |
|
2022-12-14 20:32:10 | Driver HackTheBox Walkthrough (lien direct) | >Introduction The driver is an easy-rated Windows box on the HackTheBox platform. This is designed to understand initial exploitation using an SCF file and further | ★★★ | ||
|
2022-11-02 18:12:16 | Timelapse HackTheBox Walkthrough (lien direct) | >Summary Timelapse is an HTB Active Directory machine that is an easy machine but as the concept of initial compromise is unique, therefore, I believe | |||
|
2022-10-18 20:38:39 | Return HackTheBox Walkthrough (lien direct) | >Return is a Windows machine on HTB and is rated as easy, this box is designed over windows that have Weak Service Permission. If summarized, | |||
|
2022-07-11 16:51:29 | MimiKatz for Pentester: Kerberos (lien direct) | >This write-up will be part of a series of articles on the tool called Mimikatz which was created in the programming language C. it is | Tool | ||
|
2022-06-16 17:57:44 | Caldera: Red Team Emulation (Part 1) (lien direct) | >This article aims to demonstrate an open-source breach & emulation framework through which red team activity can be conducted with ease. It focuses on MITRE | |||
|
2022-05-28 19:41:16 | Domain Escalation: Unconstrained Delegation (lien direct) | >Introduction Post-Windows 2000, Microsoft introduced an option where users could authenticate to one system via Kerberos and work with another system. This was made possible | |||
|
2022-05-14 17:23:59 | Domain Persistence: Silver Ticket Attack (lien direct) | >Introduction Benjamin Delpy (the creator of mimikatz) introduced the silver ticket attack in Blackhat 2014 in his abusing Kerberos session. Silver tickets are forged service | |||
|
2022-05-11 18:26:52 | A Detailed Guide on Rubeus (lien direct) | Introduction Rubeus is a C# toolkit for Kerberos interaction and abuses. Kerberos, as we all know, is a ticket-based network authentication protocol and is used | ★★★ | ||
|
2022-04-24 17:40:13 | Process Herpaderping (Mitre:T1055) (lien direct) | Introduction Johnny Shaw demonstrated a defense evasion technique known as process herpaderping in which an attacker is able to inject malicious code into the mapped | |||
|
2022-04-22 18:30:28 | A Detailed Guide on Hydra (lien direct) | Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent | Tool | ||
|
2022-04-19 18:03:28 | A Detailed Guide on HTML Smuggling (lien direct) | Introduction HTML Smuggling is an evasive payload delivery method that helps an attacker smuggle payload past content filters and firewalls by hiding malicious payloads inside | |||
|
2022-04-15 18:07:00 | A Detailed Guide on Medusa (lien direct) | Hi Pentesters! Let's learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of | Tool | ||
|
2022-04-14 17:43:09 | Process Doppelganging (Mitre:T1055.013) (lien direct) | Introduction Eugene Kogan and Tal Liberman presented a technique for defense evasion called “Process Doppelganging” in Blackhat EU 2017 which can be found here and | |||
|
2022-04-12 18:05:05 | (Déjà vu) Process Hollowing (Mitre:T1055.012) (lien direct) | Introduction In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware | |||
|
2022-04-12 18:05:05 | Defense Evasion: Process Hollowing (T1055.012) (lien direct) | Introduction In July 2011, John Leitch of autosectools.com talked about a technique he called process hollowing in his whitepaper here. Ever since then, many malware | |||
|
2022-04-11 20:27:32 | A Detailed Guide on AMSI Bypass (lien direct) | Introduction Windows developed the Antimalware Scan Interface (AMSI) standard that allows a developer to integrate malware defense in his application. AMSI allows an application to | Malware | ||
|
2022-04-09 16:57:55 | A Detailed Guide on Responder (LLMNR Poisoning) (lien direct) | Introduction Responder is a widely used tool in penetration test scenarios and can be used for lateral movement across the network by red teamers. The | Tool | ||
|
2022-04-07 17:50:31 | A Detailed Guide on Cewl (lien direct) | Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl” which will basically help you to create a wordlist. | Tool | ||
|
2022-04-06 09:30:11 | Windows Persistence: COM Hijacking (MITRE: T1546.015) (lien direct) | Introduction According to MITRE, “Adversaries can use the COM system to insert malicious code that can be executed in place of legitimate software through hijacking | |||
|
2022-03-27 16:29:50 | Lateral Movement: Remote Services (Mitre:T1021) (lien direct) | Introduction During Red Team assessments, after a compromise has been done, attackers tend to laterally move through the network gaining more relevant information on other | |||
|
2022-03-24 17:42:09 | Lateral Movement: WebClient Workstation Takeover (lien direct) | Introduction The article is based on @tifkin_'s idea that a workstation takeover, also known as lateral movement, is possible by abusing WebDAV shares. In Certified | |||
|
2022-03-23 18:26:47 | A Detailed Guide on Crunch (lien direct) | Introduction Often times attackers have the need to generate a wordlist based on certain criteria which are required for pentest scenarios like password spraying/brute-forcing. Other | |||
|
2022-03-19 18:34:57 | Parent PID Spoofing (Mitre:T1134) (lien direct) | Introduction Parent PID spoofing is an access token manipulation technique that may aid an attacker to evade defense techniques such as heuristic detection by spoofing | |||
|
2022-03-17 18:05:02 | Indirect Command Execution: Defense Evasion (T1202) (lien direct) | Introduction Indirect Command Execution is a defense evasion technique that is often used by Red Teams in which an adversary tries to bypass certain defense |
To see everything:
Our RSS (filtrered)
