When it comes to OSINT, the smallest details often uncover the biggest insights—and the favicon is a perfect example. Whether you’re on the red team or the blue team, understanding favicon hashing will sharpen your discovery techniques, enhance your infrastructure visibility, and help you uncover connections others routinely miss.
This article explores how attackers can leverage Server Authentication templates to compromise networks and why hardening these templates is just as critical to an organization’s security posture.
In this article we’ll demonstrate how to integrate BeEF (Browser Exploitation Framework) with Metasploit to enhance penetration testing capabilities. BeEF focuses on exploiting web browser vulnerabilities and conducting real-time social engineering attacks, while Metasploit is known for its powerful exploit development and execution against remote targets.
In this article, we’ll demonstrate how Cobalt Strike can be used to conceal communications within PDF files. Through examples, we depict embedding payloads directly into PDFs. Steganography techniques are explored, showcasing methods to embed beacons within PDFs’ metadata.
In this article, we’ll dive into the functionalities of Wireshark, a powerful network protocol analyzer for network packet sniffing. We’ll focus on two key services: Microsoft’s NBNS (NetBIOS Name Service) and BOOTP (Bootstrap Protocol). We’ll show you how you can use them when you perform your Red Team engagements, particularly for Internal Pentesting or Local Network enumeration techniques, taking advantage of such vulnerable components by design that can be forgotten.
In this article, we’ll explore the practice of fuzzing, a potent software testing technique. We’ll discuss about tools for fuzzing how it can be applied to both web applications and software applications, breaking down its use in each scenario. We’ll explain also the role of wordlists and generation tools in tailoring inputs.
In this article, we’ll explore how RAR files can be manipulated to deliver malicious payloads and why they prove to be formidable adversaries against antivirus and EDR/XDR mechanisms.
In this article, we explore the essential techniques used during the post-exploitation phase in penetration testing and red teaming. We will demonstrate methods for covering traces within a system, such as modifying log files and timestamps, to evade detection and maintain long-term access for further testing.
This write-up explains the importance and benefits of using SRUM (System Resource Utilization Management Database) and SRUM Dump tool on Windows Systems from a digital forensics investigation point of view. It can help digital forensics investigators or Information Security professionals understand what criminals did and prove it in a scientific way.