In this article we’ll demonstrate how to integrate BeEF (Browser Exploitation Framework) with Metasploit to enhance penetration testing capabilities. BeEF focuses on exploiting web browser vulnerabilities and conducting real-time social engineering attacks, while Metasploit is known for its powerful exploit development and execution against remote targets.
Hide Payloads in PDF Files using Cobalt Strike Beacons
In this article, we’ll demonstrate how Cobalt Strike can be used to conceal communications within PDF files. Through examples, we depict embedding payloads directly into PDFs. Steganography techniques are explored, showcasing methods to embed beacons within PDFs’ metadata.
Analyzing Microsoft’s NBNS and BOOTP Protocols with Wireshark for Red Teaming
In this article, we’ll dive into the functionalities of Wireshark, a powerful network protocol analyzer for packet sniffing. We’ll focus on two key services: Microsoft’s NBNS (NetBIOS Name Service) and BOOTP (Bootstrap Protocol). We’ll show how you can use them during Red Team engagements, particularly for internal pentesting or local network enumeration, taking advantage of components that are vulnerable by design and easily forgotten.
Deep Dive to Fuzzing for Maximum Impact
In this article, we’ll explore the practice of fuzzing, a potent software testing technique. We’ll discuss fuzzing tools and how fuzzing can be applied to both web applications and software applications, breaking down its use in each scenario. We’ll also explain the role of wordlists and generation tools in tailoring inputs.
The Dark Side of RAR Files: A New Method for Delivering Malicious Payloads
In this article, we’ll explore how RAR files can be manipulated to deliver malicious payloads and why they prove to be formidable adversaries against antivirus and EDR/XDR mechanisms.
Post-Exploitation Techniques: Maintaining Access, Escalating Privileges, Gathering Credentials, Covering Tracks
In this article, we explore the essential techniques used during the post-exploitation phase in penetration testing and red teaming. We will demonstrate methods for covering traces within a system, such as modifying log files and timestamps, to evade detection and maintain long-term access for further testing.
Unlocking Windows System Resource Utilization for Digital Forensics Analysis with SRUM Dump
This write-up explains the importance and benefits of using SRUM (System Resource Utilization Management Database) and the SRUM Dump tool on Windows systems from a digital forensics investigation point of view. It can help digital forensics investigators and information security professionals understand what criminals did and prove it in a scientific way.
Maximizing IDOR Detection with Burp Suite’s Autorize
This article aims to enhance your ability to detect IDOR vulnerabilities more efficiently and take your discovery process to the next level. Additionally, you will learn how to utilize Autorize, a powerful Burp Suite extension that streamlines the testing process for access control vulnerabilities in web apps.
Primer on Broken Access Control vulnerabilities and how to find them
In this write-up, we will be focusing on broken access control vulnerabilities and providing multiple examples of how to detect them.