Ansible + Vagrant + Hyper-V + Vulnerable AD 😎. Contribute to Marmeus/capsulecorp-ad-pentest-hyperv development by creating an account on GitHub.

Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them...

A collection of practices and code examples for learning all things DevOps - LearnWithTwoHeads/devops

An XSS exploitation command-line interface and payload generator. - t3l3machus/toxssin

Impacket is a collection of Python classes for working with network protocols. - GitHub - ThePorgs/impacket: Impacket is a collection of Python classes for working with network protocols.

Microsoft SharePoint Server Elevation of Privilege Vulnerability - GitHub - Chocapikk/CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability

OSCP Cheatsheet by Sai Sathvik. Contribute to saisathvik1/OSCP-Cheatsheet development by creating an account on GitHub.

This demo goes through a whole lot of stuff that Metasploit Framework has added and improved with the 6.3 release:
LDAP Enumeration
Kerberos Authentication
Kerberos Ticket Forging
Kerberos Debugging
ADCS

Contribute to reewardius/bbFuzzing.txt development by creating an account on GitHub.

Until recently, Richard LaTulip was one of the Secret Service’s special agents who went undercover to better understand cybercriminals.

Generate password spraying lists based on the pwdLastSet-attribute of users. - GitHub - eversinc33/CredGuess: Generate password spraying lists based on the pwdLastSet-attribute of users.

GoCrack is a management frontend for password cracking tools written in Go - GitHub - mandiant/gocrack: GoCrack is a management frontend for password cracking tools written in Go

Fuzz 401/403/404 pages for bypasses. Contribute to intrudir/BypassFuzzer development by creating an account on GitHub.

Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed…

00:00 - Introduction
01:57 - Showing the trick and explaining why its important to understand the methodology behind finding the technique and not just the technique itself
03:50 - Going over the Flask App
05:45 - Showing Snyk highlighting the SQL Injection…

Hello, in this post, I will be sharing information about SQLMap tamper noscripts. So, what is SQLMap? What are tamper noscripts in SQLMap? And…

CVE-2023-43261 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption - GitHub - win3zz/CVE-2023-43261: CVE-2023-43261 - Credential Leakage Through Unprotected System Log...