Caldera is an open-source framework that assists in Red Team Emulation. This tool is invaluable for conducting adversary simulations based on the MITRE ATT&CK framework,
This research article documents a complete Active Directory domain compromise achieved through the abuse of Kerberos Unconstrained Delegation. Starting with a low-privileged domain user account
Benjamin Delpy (the creator of mimikatz) introduced the silver ticket attack in Blackhat 2014 in his abusing Kerberos session. An attacker forges silver tickets or
Rubeus is a C# toolkit for Kerberos interaction and abuse. Kerberos, as we all know, is a ticket-based network authentication protocol used in Active Directories.
Johnny Shaw demonstrated a defense evasion technique known as process herpaderping in which an attacker is able to inject malicious code into the mapped memory
Hello! Pentesters, this article is about a brute-forcing tool Hydra. Hydra is one of the favourite tools of security researchers and consultants. Being an excellent
HTML Smuggling is an evasive payload delivery method that helps an attacker smuggle payload past content filters and firewalls by hiding malicious payloads inside of
Hi Pentesters! Let’s learn about a different tool Medusa, which is intended to be a speedy, parallel and modular, login brute forcer. The goal of
Eugene Kogan and Tal Liberman presented a technique for defense evasion called “Process Doppelganging” in Blackhat EU 2017 which can be found here and a