Found 21 bookmarks
Custom sorting
Syslifters/sysreptor: Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
Syslifters/sysreptor: Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. - GitHub - Syslifters/sysreptor: Fully customisable, offensiv...
·github.com·
Syslifters/sysreptor: Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
MSDT DLL Hijack UAC bypass - Sevagas
MSDT DLL Hijack UAC bypass - Sevagas
UAC Bypass via DLL hijacking of Microsoft Support Diagnostic Tool (MSDT). The UAC bypass method described here is based on DLL hijacking which happens when loading the Bluetooth diagnostic package.
·blog.sevagas.com·
MSDT DLL Hijack UAC bypass - Sevagas
ired.team
ired.team
My notes about all things red teaming experiments and more. (Very well done notes, great stuff on red teaming)
·ired.team·
ired.team
Cronjob Backdoors
Cronjob Backdoors
Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec
·blog.sucuri.net·
Cronjob Backdoors
HackTricks
HackTricks
Welcome to the page where you will find each hacking trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
·book.hacktricks.xyz·
HackTricks
10 real-world stories of how we’ve compromised CI/CD pipelines
10 real-world stories of how we’ve compromised CI/CD pipelines
Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD pipeline? What does this type of attack look like in practice? NCC Group has found many attack paths through different security assessments that could have led to a compromised CI/CD pipeline in enterprises large and small. In this post, we will share some of our war stories about what we have observed and been able to demonstrate on CI/CD pipeline security assessments, clearly showing why there is the saying, “they are execution engines"
·research.nccgroup.com·
10 real-world stories of how we’ve compromised CI/CD pipelines
outflanknl/RedELK: Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
outflanknl/RedELK: Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations. - outflanknl/RedELK: Red Team's S...
·github.com·
outflanknl/RedELK: Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
kgretzky/pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
kgretzky/pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV. - kgretzky/pwndrop: Self-deployable file hosting service for red teamers, al...
·github.com·
kgretzky/pwndrop: Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.