Links

Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you start...

Often during penetration tests or security assessments you start from the external network and you try to get to the internal network and…

Basic Pivoting Types Type Use Case Listen - Listen Exposed asset, may not want to connect out. Listen - Connect Normal redirect. Connect - Connect Can’t bind, so connect to bridge two hosts

Quick walkthrough of pivot techniques including ssh, meterpreter, ncat, and netcat.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - swisskyrepo/PayloadsAllTheThings

An organized guide to highlight some of the smartest techniques and resources for your OSCP journey.

Before you start reading this post, let me tell you all the tips are collected from twitter (few mine 😓) where awesome community folks shar...

Hey Guys, in this post I am just going to copy paste my notes which I collected during my OSCP journey from different sources. Feel free t...

Docker has become such an integral part of my worfklow recently. These examples should demonstrate how Docker can help you be a more efficient pentester

Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you start...

We’re excited to announce the launch of dedicated security chapters in the AWS documentation for over 40 services. Security is a key component of your decision to use the cloud. These chapters can help your organization get in-depth information about both the built-in and the configurable security of AWS services. This information goes beyond “how-to.” […]

Setup and managing a pentest dropbox infrastructure should be simple, reliable, and versatile. In part 1 we'll show you the hardware options, and in part 2 we'll go beyond autossh and create a OpenVPN environment that reduces time spent managing remote network connectivity.