📱 Android Application Framework: Beginner’s Guide
Dive into the core architecture of Android with this detailed guide. Essential for developers and security researchers.
🔗 Read the full article: hackingarticles.in
❤4
🔐 Credential Dumping: Windows Autologon Password
Attackers often target stored AutoLogon credentials to escalate access. Learn how this technique works and how to defend against it:
✔ Method: Extracts plaintext passwords from the Registry (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon).✔ Tools Used: Mimikatz, PowerShell, or manual registry queries.
✔ Impact: Compromises domain/logon persistence.
✔ Mitigation: Disable AutoLogon or use LSA protection.
📖 Read the guide: hackingarticles.in
❤4
MSSQL for Pentester Command Execution with xp_cmdshell.pdf
4 MB
🔍 MSSQL Pentesting: Command Execution via xp_cmdshell
This guide covers practical exploitation of MSSQL Server using xp_cmdshell:Enabling xp_cmdshell (GUI, sqsh, impactet-mssqlclient)Reverse shell methods: .hta, netcat, Python, nxc, crackmapexec, Metasploit
PowerUPSQL for command execution
🔔 Turn on notifications for more hacking writeups!
🔥3❤1
abusing trustworthy.pdf
2.1 MB
New Article Alert!
Title: Abusing Trustworthy Property in MSSQL
Denoscription: Introduction to Trustworthy Property:
Understand the importance of trustworthy property in MSSQL for database security.
Lab Setup: Learn to set up a lab to demonstrate trustworthy property abuse.
Abusing Trustworthy Property: Discover exploitation methods, including manual tactics and remote exploitation with PowerUpSQL and Metasploit. Practical Examples: View examples of trustworthy property abuse, including code snippets and screenshots.
Title: Abusing Trustworthy Property in MSSQL
Denoscription: Introduction to Trustworthy Property:
Understand the importance of trustworthy property in MSSQL for database security.
Lab Setup: Learn to set up a lab to demonstrate trustworthy property abuse.
Abusing Trustworthy Property: Discover exploitation methods, including manual tactics and remote exploitation with PowerUpSQL and Metasploit. Practical Examples: View examples of trustworthy property abuse, including code snippets and screenshots.
❤2
Bug Bounty Training Program (Online)
🔗 Register here: https://forms.gle/bowpX9TGEs41GDG99
💬 WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
📧 Email: info@ignitetechnologies.in
Hurry up, get enrolled yourself with IGNITE TECHNOLOGIES’ fully exclusive Training Program “Bug Bounty.”
✔️ Table of Content
🚀 Introduction to WAPT & OWASP Top 10
🛠️ Pentest Lab Setup
🔍 Information Gathering & Reconnaissance
💻 Netcat for Pentester
⚙️ Configuration Management Testing
🔐 Cryptography
🔑 Authentication
🕒 Session Management
📂 Local File Inclusion
🌐 Remote File Inclusion
📁 Path Traversal
💣 OS Command Injection
🔀 Open Redirect
📤 Unrestricted File Upload
🐚 PHP Web Shells
📝 HTML Injection
🌟 Cross-Site Scripting (XSS)
🔄 Client-Side Request Forgery
🛑 SQL Injection
📜 XXE Injection
🎁 Bonus Section
🔗 Register here: https://forms.gle/bowpX9TGEs41GDG99
💬 WhatsApp: https://wa.me/message/HIOPPNENLOX6F1
📧 Email: info@ignitetechnologies.in
Hurry up, get enrolled yourself with IGNITE TECHNOLOGIES’ fully exclusive Training Program “Bug Bounty.”
✔️ Table of Content
🚀 Introduction to WAPT & OWASP Top 10
🛠️ Pentest Lab Setup
🔍 Information Gathering & Reconnaissance
💻 Netcat for Pentester
⚙️ Configuration Management Testing
🔐 Cryptography
🔑 Authentication
🕒 Session Management
📂 Local File Inclusion
🌐 Remote File Inclusion
📁 Path Traversal
💣 OS Command Injection
🔀 Open Redirect
📤 Unrestricted File Upload
🐚 PHP Web Shells
📝 HTML Injection
🌟 Cross-Site Scripting (XSS)
🔄 Client-Side Request Forgery
🛑 SQL Injection
📜 XXE Injection
🎁 Bonus Section
❤3
📡 Wireless Penetration Testing Using Aircrack-ng
Master wireless security assessments with this comprehensive guide to Aircrack-ng, the essential WiFi hacking toolkit:
• Captures WiFi handshakes (monitor mode)
• Cracks WPA/WPA2 passwords (dictionary attacks)
• Analyzes network traffic (packet injection)
• Supports all major wireless adapters
🔍 Key Attacks Covered:
WEP cracking
WPA/WPA2-PSK brute force
Deauthentication attacks
📖 Full Tutorial: Read Here
Master wireless security assessments with this comprehensive guide to Aircrack-ng, the essential WiFi hacking toolkit:
• Captures WiFi handshakes (monitor mode)
• Cracks WPA/WPA2 passwords (dictionary attacks)
• Analyzes network traffic (packet injection)
• Supports all major wireless adapters
🔍 Key Attacks Covered:
WEP cracking
WPA/WPA2-PSK brute force
Deauthentication attacks
📖 Full Tutorial: Read Here
❤2🆒2
docker.png
1.3 MB
🐳 Docker Privilege Escalation Techniques
Escalate privileges in containerized environments using critical misconfigurations:
• Breakout Methods:
Abusing --privileged flag
Exploiting writable cgroups
Docker socket exposure (/var/run/docker.sock)
Capability abuse (e.g., CAP_SYS_ADMIN)
• Post-Exploitation:
Host filesystem access
Container-to-host process injection
Stealing secrets from mounted volumes
🔐 Mitigation:
Principle of Least Privilege
Read-only containers
Regular vulnerability scanning
📖 Full Guide: Docker Privilege Escalation
Escalate privileges in containerized environments using critical misconfigurations:
• Breakout Methods:
Abusing --privileged flag
Exploiting writable cgroups
Docker socket exposure (/var/run/docker.sock)
Capability abuse (e.g., CAP_SYS_ADMIN)
• Post-Exploitation:
Host filesystem access
Container-to-host process injection
Stealing secrets from mounted volumes
🔐 Mitigation:
Principle of Least Privilege
Read-only containers
Regular vulnerability scanning
📖 Full Guide: Docker Privilege Escalation
❤3
🔍 Learn SIEM with He-Man – The Defender of Eternia’s Cybersecurity!
This fun yet powerful guide explains Security Information & Event Management (SIEM) using He-Man’s world:
✅ Log Collection: Like Castle Grayskull’s magic, SIEM gathers logs from servers, firewalls, and even Skeletor’s lair!
✅ Threat Detection: Correlates events (e.g., five login failures in 2 minutes = attack!).
✅ Dashboards & Alerts: Real-time threat visualization—no magic, just data!
✅ False Positives: "Royal teapot accessed at midnight?" Not every alert is evil.
✅ Compliance: Generates reports for audits (ISO, SOC 2).
This fun yet powerful guide explains Security Information & Event Management (SIEM) using He-Man’s world:
✅ Log Collection: Like Castle Grayskull’s magic, SIEM gathers logs from servers, firewalls, and even Skeletor’s lair!
✅ Threat Detection: Correlates events (e.g., five login failures in 2 minutes = attack!).
✅ Dashboards & Alerts: Real-time threat visualization—no magic, just data!
✅ False Positives: "Royal teapot accessed at midnight?" Not every alert is evil.
✅ Compliance: Generates reports for audits (ISO, SOC 2).
❤3