Cybersecurity News & Threat Intelligence
Password Manager Pro Vulnerability Debugging Environment Setup
Step-by-step guide to set up a Password Manager Pro vulnerability debugging environment, covering installation, configuration, and database setup for security testing.
Penetration Techniques - Exporting Saved Passwords from Firefox Browser
Learn how to export saved passwords from Firefox browser, including storage methods, decryption principles, and tools like WebBrowserPassView for penetration testing.
Domain Penetration - Remote Execution via Scheduled Tasks in GPO
Learn how to exploit GPO scheduled tasks for remote execution in domain environments, covering GPMC, command-line methods, and Group Policy refresh techniques.
Zimbra SOAP API Development Guide
Learn to use Zimbra SOAP API with Python for email server management, user operations, and admin tasks. Includes code examples and testing.
Joomla 3.4.4-3.6.3 Account Creation & Privilege Escalation Test Record
Test record of Joomla 3.4.4-3.6.3 vulnerabilities CVE-2016-8869 and CVE-2016-8870, enabling unauthorized account creation and privilege escalation.
Penetration Techniques - Parameter Hiding Techniques in Shortcut Files
Explore parameter hiding techniques in shortcut files, including lnk format analysis, Delphi/PowerShell POCs, and exploitation methods for bypassing 260-char limits.
Userland registry hijacking
Explore userland registry hijacking for persistence and BypassUAC. Learn to hijack scheduled tasks and modify HKCR keys via HKCU with standard user permissions.
Volume Shadow Copy in Penetration Testing
Learn how to exploit Volume Shadow Copy for file recovery and creating fileless processes in penetration testing, including commands and techniques.
Python Development Tips - Disabling URL Encoding in the Requests Library
Learn how to disable URL encoding in Python's Requests library for raw HTTP vulnerability testing, with a CVE-2022-44877 example.
Steganography Techniques - Hiding Payloads Using JPEG File Format
Learn JPEG steganography techniques for hiding payloads, including DCT and LSB encryption, Exif manipulation, and tools like stegdetect and JPEGsnoop.
msiexec in Penetration Testing
Explore msiexec exploitation in penetration testing, including creating malicious MSI files with Metasploit and Advanced Installer for payload delivery and command execution.
Study Notes of using sdclt.exe to bypass UAC
Learn how sdclt.exe bypasses UAC in Windows 10 via registry modification, with testing insights and defensive strategies to detect and prevent attacks.
Using global API hooks to hide processes on Windows 7 systems
Learn to hide processes on Windows 7 using global API hooks via AppInit_DLLs registry tweaks. Works instantly on x64/x86 without reboots.
Use AppDomainManager to maintain persistence
Learn to hijack .Net programs using AppDomainManager for persistence, including self-developed apps and system tools like PowerShell.
Penetration Techniques - Deletion and Bypass of Windows Logs
Learn techniques to clear and bypass Windows logs for penetration testing, including wevtutil, NSA tools, and thread termination methods.
DLL Injection via APC - Bypassing Sysmon Monitoring
Learn how to perform DLL injection via APC to bypass Sysmon monitoring of CreateRemoteThread. Includes C++ and C# implementations, Sysmon config testing, and evasion methods.
An interesting way of bypassing Windows Attachment Manager
Learn how to bypass Windows Attachment Manager using ADS removal and LNK file techniques. Exploit Zone.Identifier:$DATA to avoid untrusted file prompts.
Penetration Techniques - Program Privilege Reduction Startup
Learn methods to reduce program privileges from SYSTEM to standard user in penetration testing, including tools like runas, lsrunas, CPAU, and SelectMyParent.
Windows Shellcode Study Notes - Generating Shellcode via Visual Studio
Learn to generate Windows shellcode using Visual Studio. Methods include DEBUG mode extraction, ShellcodeCompiler tool, and C++ dynamic API calls for custom payloads.
Penetration Basics: Fortigate Identification and Version Detection
Master Fortigate identification (management vs VPN pages) & version detection with Python. Includes step-by-step details, code examples, and open-source scripts for penetration basics.