GitHub - S3cur3Th1sSh1t/WinPwn: Automation for internal Windows Penetrationtest / AD-Security
November 20, 2019 at 11:02:50 AM UTC * - permalink -

- https://github.com/S3cur3Th1sSh1t/WinPwn

HTTP Request Smuggling (CL.TE) | memN0ps
November 19, 2019 at 3:14:54 PM UTC - permalink -

- https://memn0ps.github.io/2019/11/02/HTTP-Request-Smuggling-CL-TE.html

Encoding Web Shells in PNG IDAT chunks | Application Security
November 15, 2019 at 2:38:28 PM UTC - permalink -

- https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/

GitHub - rootm0s/WinPwnage: UAC bypass, Elevate, Persistence and Execution methods
November 14, 2019 at 8:03:17 PM UTC * - permalink -

- https://github.com/rootm0s/WinPwnage

Subdomains Enumeration Cheat Sheet · Pentester Land
November 13, 2019 at 1:09:14 PM UTC - permalink -

- https://pentester.land/cheatsheets/2018/11/14/subdomains-enumeration-cheatsheet.html

“Relaying” Kerberos - Having fun with unconstrained delegation - dirkjanm.io
November 12, 2019 at 10:00:36 AM UTC * - permalink -

- https://dirkjanm.io/krbrelayx-unconstrained-delegation-abuse-toolkit/

Windows Privilege Escalation via Unquoted Service Paths – root@Hausec
November 12, 2019 at 9:52:54 AM UTC * - permalink -

- https://hausec.com/2018/10/05/windows-privilege-escalation-via-unquoted-service-paths/

Kerberos Attack: Silver Ticket Edition
November 12, 2019 at 9:52:33 AM UTC - permalink -

- https://www.varonis.com/blog/kerberos-attack-silver-ticket/

CRITIFENCE®
November 11, 2019 at 9:40:16 PM UTC - permalink -

- http://www.critifence.com/default-password-database/

5 ways Attackers Exploit Account Operators
November 11, 2019 at 9:04:41 PM UTC - permalink -

- https://www.secframe.com/blog/account-operators

A Penetration Tester's Guide to IPMI and BMCs
October 30, 2019 at 10:35:36 AM UTC - permalink -

- https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/

Pentesting QNX Neutrino RTOS | Optiv
October 29, 2019 at 5:05:49 PM UTC - permalink -

- https://www.optiv.com/blog/pentesting-qnx-neutrino-rtos

Hacking QNX
October 29, 2019 at 4:31:20 PM UTC - permalink -

- https://www.slideshare.net/ricardomcm/hacking-qnx

Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes) // byt3bl33d3r // /dev/random > blog.py
October 29, 2019 at 3:50:31 PM UTC - permalink -

- https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

Index of /public/MSDN/
October 29, 2019 at 3:44:50 PM UTC - permalink -

- https://the-eye.eu/public/MSDN/

Places of Interest in Stealing NetNTLM Hashes – 🔐Blog of Osanda
October 29, 2019 at 3:39:42 PM UTC - permalink -

- https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/amp/?__twitter_impression=true

What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSoc…
October 28, 2019 at 5:43:36 PM UTC - permalink -

- https://www.slideshare.net/0ang3el/whats-wrong-with-websocket-apis-unveiling-vulnerabilities-in-websocket-apis

An Introduction To RTSP | csrgxtu
October 28, 2019 at 3:43:41 PM UTC - permalink -

- https://csrgxtu.github.io/2015/04/08/An-Introduction-To-RTSP/

Oracle pentesting guide
October 25, 2019 at 8:37:05 AM UTC - permalink -

- https://medium.com/@netscylla/pentesters-guide-to-oracle-hacking-1dcf7068d573

Don't open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, ... - Shielder
October 24, 2019 at 10:43:16 PM UTC - permalink -

- https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/