In this article, we explore how a WebClient Workstation Takeover can occur during lateral movement by abusing WebDAV shares. Inspired by @tifkin_’s and the Certified
Often times attackers have the need to generate a wordlist based on certain criteria which are required for pentest scenarios like password spraying/brute-forcing. Other times
Parent PID spoofing is an access token manipulation technique that helps an attacker evade defense mechanisms such as heuristic detection by spoofing the PPID of
Red Teams often use Indirect Command Execution as a defense evasion technique in which an adversary tries to bypass certain defense filters that restrict certain
HTTPx is a fast web application reconnaissance tool coded in Go by projectdiscovery.io. With a plethora of multiple modules effective in manipulating HTTP requests and
Resource-Based Constrained Delegation (RBCD) is a security feature in Active Directory (AD) that allows a computer object to specify which users or machines can impersonate
Max Kellerman discovered the privilege escalation vulnerability DirtyPipe CVE 2022-0847, which is present in the Linux Kernel itself in post versions 5.8 and allows overwriting
Many tools now create an HTTP request and let users modify its contents. Similarly, fuzzing works by sending the same type of request multiple times
Exe2hex is a tool that g0tmilk developed, and you can find it here. The tool transcribes EXE into a series of hexadecimal strings, which DEBUG.exe