In this article we’ll demonstrate how to integrate BeEF (Browser Exploitation Framework) with Metasploit to enhance penetration testing capabilities. BeEF focuses on exploiting web browser vulnerabilities and conducting real-time social engineering attacks, while Metasploit is known for its powerful exploit development and execution against remote targets.
In this article, we’ll demonstrate how Cobalt Strike can be used to conceal communications within PDF files. Through examples, we depict embedding payloads directly into PDFs. Steganography techniques are explored, showcasing methods to embed beacons within PDFs’ metadata.
In this article, we’ll dive into the functionalities of Wireshark, a powerful network protocol analyzer for network packet sniffing. We’ll focus on two key services: Microsoft’s NBNS (NetBIOS Name Service) and BOOTP (Bootstrap Protocol). We’ll show you how you can use them when you perform your Red Team engagements, particularly for Internal Pentesting or Local Network enumeration techniques, taking advantage of such vulnerable components by design that can be forgotten.
In this article, we’ll explore the practice of fuzzing, a potent software testing technique. We’ll discuss about tools for fuzzing how it can be applied to both web applications and software applications, breaking down its use in each scenario. We’ll explain also the role of wordlists and generation tools in tailoring inputs.
In this article, we’ll explore how RAR files can be manipulated to deliver malicious payloads and why they prove to be formidable adversaries against antivirus and EDR/XDR mechanisms.
In this article, we explore the essential techniques used during the post-exploitation phase in penetration testing and red teaming. We will demonstrate methods for covering traces within a system, such as modifying log files and timestamps, to evade detection and maintain long-term access for further testing.
This write-up explains the importance and benefits of using SRUM (System Resource Utilization Management Database) and SRUM Dump tool on Windows Systems from a digital forensics investigation point of view. It can help digital forensics investigators or Information Security professionals understand what criminals did and prove it in a scientific way.
This article aims to enhance your ability to detect IDOR vulnerabilities more efficiently and take your discovery process to the next level. Additionally, you will learn how to utilize Autorize, a powerful Burp Suite extension that streamlines the testing process for access control vulnerabilities in web apps.
In this write-up, we will be focusing on broken access control vulnerabilities and providing multiple examples of how to detect them.