increasingly, companies considering security a top priority and ex-filtration of data are more restricted. The OOB techniques often useful in a blind vulnerability , as an attacker you don’t get the output of exploit in direct response , for instance in a web-app vulnerable to blind injection . …

recently i was in engagement and needed to download large file from the compromised machine , i was unable to get it from TFTP neither from cert-util . i had to create a simple python script that launch mini HTTP web server and convert it to exe since it was…

we all know how important to gain tty ( teletype terminal ) shell during a penetration testing. i had a scenario where the vulnerable webdav server is installed in virtualization environment and no routing enabled from the victim box to the outside network or lets say there is outbound firewall and reverse connection denied !!

we all know hashcat utilize gpu and to work with cpu in virtualbox or vmware you will need to install the following apt-get install libhwloc-dev ocl-icd-dev ocl-icd-opencl-dev apt-get install pocl-opencl-icd tested on PWK vm

requirements : new version of kali mimikatz : wget https://raw.githubusercontent.com/dfirfpi/hotoloti/master/volatility/mimikatz.py in case you found offline dump or you were able to dump lsas process using procdump The technique can be involves in pentesting by obtaining passwords in clear text from a server without running “malicious” code in it since mimikatz…

yesterday was a great experience for me to attend all kind of joubert , one of the challenges i could not solve and understand in the reverse engineering section . this CTF challenge contain pcapng file and no hint provided only flag needed to earn the points .. for people…