Posts by Tag
- beginner 33
- pentest 33
- Windows 21
- web 20
- AD 20
- advanced 16
- intermediate 7
- Cloud 6
- Azure 6
- bypass 5
- review 4
- privesc 4
- bof 2
- recon 2
- osint 2
- windows 2
- powershell 2
- linux 2
- external 2
- c2 2
- enum 2
- cve 2
- lowlevel 1
- internal 1
- wifi 1
- code 1
- ruby 1
- pivot 1
- api 1
- lateralmovement 1
- persistence 1
- defense 1
- peristence 1
- cheatsheet 1
- tips 1
- awareness 1
- sliver 1
- AWS 1
- GCP 1
- container 1
- docker 1
- ADCS 1
beginner
3 - Lateral mov & Persistence (Azure)
Pass-the-PRT, Runbooks, cloud to on-prem, Golden SAML and More!
2 - Enumeration & Privilege Escalation (Azure)
Storage Accounts, Key Vaults, Blobs, RBAC, Dynamic Groups and more!
1 - Intro & Recon (Azure)
Introduction to Azure concepts, Discovery and Recon of services and Apps, Initial Access Attacks and More!
CARTP - Review
Honest Review CARTP - Azure Pentesting!
Intro to Cloud Pentesting!
Wanna learn Cloud Pentesting? Start here!
7 - AD Defense
We Hac, We Attac but most importantly We Protec!
6 - AD Privesc
Kerberos attacks, Delegations, Across Trusts escalation, ADCS and More
5 - AD Persistence
Golden, Silver, Diamond Tickets, Custom SSP, ACLs abuses and More
4 - Offensive .NET
Use Minimal obfuscation and String manipulation to bypass Win Defender
3 - Lateral Movement
PowerShell Remoting, Mimikatz, Over Pass the hash and More
2 - Win Privesc
Unquoted Paths and Modifiable Services
1 - AD Enumeration
Learn how to enumerate the Domain, ACLs, GPOs, Trusts and More
CRTP Review
Certified Red Team Professional
4 - Windows Lateral Movement
Intro to Windows Lateral Movement
3 - Windows Privesc
Intro to Windows Privesc
2 - Bloodhound
BloodHound is a versatile and powerful tool for AD enumeration and analysis.
1 - Powershell
Starting with Powershell for AD Exploitation!
6 - Movement, Pivoting and Persistence
Lateral Movement, Pivoting and Persistence using the C2 Covenant and Metasploit
5 - Windows Privilege Escalation
Navigating Windows Privesc Techniques: Kernel Exploits, Impersonation, Registry, DLL Hijacking and More
4 - Linux Privilege Escalation
Exploring Linux Privesc Techniques: Kernel Exploits, SUDO, SUID, Scheduled Tasks, NFS Root Squashing and More
3 - External Pentest Playbook
The full life cycle of an External Pentest: ROE, OSINT, Attacking Login Portals, Report, Client Debriefs and More
2 - Open-Source Intelligence (OSINT)
Collect Info about your Target: Images, Emails, Passwords, Usernames, Social Media and More
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
Practical Network Penetration Tester
My Review about the 5 courses of TCM: PEH, OSINT, External Pentest, Linux Privesc and Windows Privesc
7 - Metasploit & Ruby
Ruby > Python
6 - Wi-Fi Pentest
Traffic Analysis, Deauthentication, Man-in-the-Middle, Wardriving and More
5 - Web App Security
XSS, SQLi, CSRF, Session Attacks and More
4 - Linux Security
About Linux: It's not OK, It's necessary! Peterson, Jordan.
3 - Powershell
Learn to reduce your footprint and evade defense mechanisms
2 - Network Security
Scans, Information Gathering, Vulnerabilities and more
1 - System Security
Low level stuff - Do not panic!
eLearnSecurity Certified Professional Penetration Tester
Here's my Review of the eCPPTv2 by INE
eLearnSecurity Junior Penetration Tester
Get your feet wet in Pentesting with eJPT from INE!
pentest
How to become a Pentester (2024)
Roadmap Pentester (2024)
15 - Attacking LDAP
First the Fundamentals, then Exploitation!
14 - APIs & Cloud Apps
Attacking APIs & Cloud Based Applications
13 - Authentication & SSO
Attacking JWT, OAuth, SAML and Bypassing 2FA
12 - Attacking Crypto
Padding Oracle, Hash Length Extension, Leveraging MachineKey and More
11 - Server Side Attacks
SSRF, SSI, XSLT attacks and More
10 - Attacking Serialization
Attacking Serialization in Java, PHP and .NET
9 - XML Attacks
Tag Injection, XXE, XPath Injection and More
8 - SQLI Filter Evasion
Bypassing Keyword and Function Filters
7 - SQL Injection
Learn techniques of exploitation for MySQL, MSSQL and Oracle Databases
6 - HTML5
How to exploit the new features of HTML5
5 - Cross-site request forgery (CSRF)
Discovering, Execution and Bypass techniques
4 - XSS Filter Evasion
Bypass blacklisting Filters, sanitization and Browser Filters
3 - Cross-site scripting (XSS)
How to discover and exploit an XSS vulnerability
2 - Evasion Basics
Base64 encoding, obfuscations, compressing, escapes and More
1 - Encoding & Filtering
Filtering with Regex, Types of encoding, Bypass WAF and More
Web application Penetration Tester eXtreme
My Review of the eWPTXv2 by INE
6 - Movement, Pivoting and Persistence
Lateral Movement, Pivoting and Persistence using the C2 Covenant and Metasploit
5 - Windows Privilege Escalation
Navigating Windows Privesc Techniques: Kernel Exploits, Impersonation, Registry, DLL Hijacking and More
4 - Linux Privilege Escalation
Exploring Linux Privesc Techniques: Kernel Exploits, SUDO, SUID, Scheduled Tasks, NFS Root Squashing and More
3 - External Pentest Playbook
The full life cycle of an External Pentest: ROE, OSINT, Attacking Login Portals, Report, Client Debriefs and More
2 - Open-Source Intelligence (OSINT)
Collect Info about your Target: Images, Emails, Passwords, Usernames, Social Media and More
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
Practical Network Penetration Tester
My Review about the 5 courses of TCM: PEH, OSINT, External Pentest, Linux Privesc and Windows Privesc
7 - Metasploit & Ruby
Ruby > Python
6 - Wi-Fi Pentest
Traffic Analysis, Deauthentication, Man-in-the-Middle, Wardriving and More
5 - Web App Security
XSS, SQLi, CSRF, Session Attacks and More
4 - Linux Security
About Linux: It's not OK, It's necessary! Peterson, Jordan.
3 - Powershell
Learn to reduce your footprint and evade defense mechanisms
2 - Network Security
Scans, Information Gathering, Vulnerabilities and more
1 - System Security
Low level stuff - Do not panic!
eLearnSecurity Certified Professional Penetration Tester
Here's my Review of the eCPPTv2 by INE
eLearnSecurity Junior Penetration Tester
Get your feet wet in Pentesting with eJPT from INE!
Windows
Attack AD CS Now!!
DPAPI, CBA Patch, Template Reconfiguration, Certificate Forgery and More!
3 - Lateral mov & Persistence (Azure)
Pass-the-PRT, Runbooks, cloud to on-prem, Golden SAML and More!
2 - Enumeration & Privilege Escalation (Azure)
Storage Accounts, Key Vaults, Blobs, RBAC, Dynamic Groups and more!
1 - Intro & Recon (Azure)
Introduction to Azure concepts, Discovery and Recon of services and Apps, Initial Access Attacks and More!
CARTP - Review
Honest Review CARTP - Azure Pentesting!
5 - Cheat Sheet
Cheat Sheet for CRTP/CRTE exams
4 - Cross Domain Attacks
ADCS, Shadow Credentials, Azure AD Integration, Foreign Security Principals and More
3 - AD Persistence
Constrained Deleg and Malicious SSP
2 - AD Privesc
LAPS, gMSA and Constrained Deleg
1 - Lateral Movement
Almost the same content as CRTP + Extracting Credentials from LSASS
CRTE Review
Get to know the Certified Red Team Expert certification by Altered Security
7 - AD Defense
We Hac, We Attac but most importantly We Protec!
6 - AD Privesc
Kerberos attacks, Delegations, Across Trusts escalation, ADCS and More
5 - AD Persistence
Golden, Silver, Diamond Tickets, Custom SSP, ACLs abuses and More
4 - Offensive .NET
Use Minimal obfuscation and String manipulation to bypass Win Defender
3 - Lateral Movement
PowerShell Remoting, Mimikatz, Over Pass the hash and More
2 - Win Privesc
Unquoted Paths and Modifiable Services
1 - AD Enumeration
Learn how to enumerate the Domain, ACLs, GPOs, Trusts and More
CRTP Review
Certified Red Team Professional
4 - Windows Lateral Movement
Intro to Windows Lateral Movement
3 - Windows Privesc
Intro to Windows Privesc
web
Stored cross-site scripting (XSS)
CVE-2024-2479
SQL Injection (SQLi)
CVE-2024-2480
15 - Attacking LDAP
First the Fundamentals, then Exploitation!
14 - APIs & Cloud Apps
Attacking APIs & Cloud Based Applications
13 - Authentication & SSO
Attacking JWT, OAuth, SAML and Bypassing 2FA
12 - Attacking Crypto
Padding Oracle, Hash Length Extension, Leveraging MachineKey and More
11 - Server Side Attacks
SSRF, SSI, XSLT attacks and More
10 - Attacking Serialization
Attacking Serialization in Java, PHP and .NET
9 - XML Attacks
Tag Injection, XXE, XPath Injection and More
8 - SQLI Filter Evasion
Bypassing Keyword and Function Filters
7 - SQL Injection
Learn techniques of exploitation for MySQL, MSSQL and Oracle Databases
6 - HTML5
How to exploit the new features of HTML5
5 - Cross-site request forgery (CSRF)
Discovering, Execution and Bypass techniques
4 - XSS Filter Evasion
Bypass blacklisting Filters, sanitization and Browser Filters
3 - Cross-site scripting (XSS)
How to discover and exploit an XSS vulnerability
2 - Evasion Basics
Base64 encoding, obfuscations, compressing, escapes and More
1 - Encoding & Filtering
Filtering with Regex, Types of encoding, Bypass WAF and More
Web application Penetration Tester eXtreme
My Review of the eWPTXv2 by INE
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
5 - Web App Security
XSS, SQLi, CSRF, Session Attacks and More
AD
5 - Cheat Sheet
Cheat Sheet for CRTP/CRTE exams
4 - Cross Domain Attacks
ADCS, Shadow Credentials, Azure AD Integration, Foreign Security Principals and More
3 - AD Persistence
Constrained Deleg and Malicious SSP
2 - AD Privesc
LAPS, gMSA and Constrained Deleg
1 - Lateral Movement
Almost the same content as CRTP + Extracting Credentials from LSASS
CRTE Review
Get to know the Certified Red Team Expert certification by Altered Security
7 - AD Defense
We Hac, We Attac but most importantly We Protec!
6 - AD Privesc
Kerberos attacks, Delegations, Across Trusts escalation, ADCS and More
5 - AD Persistence
Golden, Silver, Diamond Tickets, Custom SSP, ACLs abuses and More
4 - Offensive .NET
Use Minimal obfuscation and String manipulation to bypass Win Defender
3 - Lateral Movement
PowerShell Remoting, Mimikatz, Over Pass the hash and More
2 - Win Privesc
Unquoted Paths and Modifiable Services
1 - AD Enumeration
Learn how to enumerate the Domain, ACLs, GPOs, Trusts and More
CRTP Review
Certified Red Team Professional
4 - Windows Lateral Movement
Intro to Windows Lateral Movement
3 - Windows Privesc
Intro to Windows Privesc
2 - Bloodhound
BloodHound is a versatile and powerful tool for AD enumeration and analysis.
1 - Powershell
Starting with Powershell for AD Exploitation!
6 - Movement, Pivoting and Persistence
Lateral Movement, Pivoting and Persistence using the C2 Covenant and Metasploit
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
advanced
15 - Attacking LDAP
First the Fundamentals, then Exploitation!
14 - APIs & Cloud Apps
Attacking APIs & Cloud Based Applications
13 - Authentication & SSO
Attacking JWT, OAuth, SAML and Bypassing 2FA
12 - Attacking Crypto
Padding Oracle, Hash Length Extension, Leveraging MachineKey and More
11 - Server Side Attacks
SSRF, SSI, XSLT attacks and More
10 - Attacking Serialization
Attacking Serialization in Java, PHP and .NET
9 - XML Attacks
Tag Injection, XXE, XPath Injection and More
8 - SQLI Filter Evasion
Bypassing Keyword and Function Filters
7 - SQL Injection
Learn techniques of exploitation for MySQL, MSSQL and Oracle Databases
6 - HTML5
How to exploit the new features of HTML5
5 - Cross-site request forgery (CSRF)
Discovering, Execution and Bypass techniques
4 - XSS Filter Evasion
Bypass blacklisting Filters, sanitization and Browser Filters
3 - Cross-site scripting (XSS)
How to discover and exploit an XSS vulnerability
2 - Evasion Basics
Base64 encoding, obfuscations, compressing, escapes and More
1 - Encoding & Filtering
Filtering with Regex, Types of encoding, Bypass WAF and More
Web application Penetration Tester eXtreme
My Review of the eWPTXv2 by INE
intermediate
Get familiar with Azure Pentesting!
Going deeper with Azure!
5 - Cheat Sheet
Cheat Sheet for CRTP/CRTE exams
4 - Cross Domain Attacks
ADCS, Shadow Credentials, Azure AD Integration, Foreign Security Principals and More
3 - AD Persistence
Constrained Deleg and Malicious SSP
2 - AD Privesc
LAPS, gMSA and Constrained Deleg
1 - Lateral Movement
Almost the same content as CRTP + Extracting Credentials from LSASS
CRTE Review
Get to know the Certified Red Team Expert certification by Altered Security
Cloud
3 - Lateral mov & Persistence (Azure)
Pass-the-PRT, Runbooks, cloud to on-prem, Golden SAML and More!
2 - Enumeration & Privilege Escalation (Azure)
Storage Accounts, Key Vaults, Blobs, RBAC, Dynamic Groups and more!
1 - Intro & Recon (Azure)
Introduction to Azure concepts, Discovery and Recon of services and Apps, Initial Access Attacks and More!
CARTP - Review
Honest Review CARTP - Azure Pentesting!
Get familiar with Azure Pentesting!
Going deeper with Azure!
Intro to Cloud Pentesting!
Wanna learn Cloud Pentesting? Start here!
Azure
3 - Lateral mov & Persistence (Azure)
Pass-the-PRT, Runbooks, cloud to on-prem, Golden SAML and More!
2 - Enumeration & Privilege Escalation (Azure)
Storage Accounts, Key Vaults, Blobs, RBAC, Dynamic Groups and more!
1 - Intro & Recon (Azure)
Introduction to Azure concepts, Discovery and Recon of services and Apps, Initial Access Attacks and More!
CARTP - Review
Honest Review CARTP - Azure Pentesting!
Get familiar with Azure Pentesting!
Going deeper with Azure!
Intro to Cloud Pentesting!
Wanna learn Cloud Pentesting? Start here!
bypass
4 - Offensive .NET
Use Minimal obfuscation and String manipulation to bypass Win Defender
13 - Authentication & SSO
Attacking JWT, OAuth, SAML and Bypassing 2FA
8 - SQLI Filter Evasion
Bypassing Keyword and Function Filters
4 - XSS Filter Evasion
Bypass blacklisting Filters, sanitization and Browser Filters
2 - Evasion Basics
Base64 encoding, obfuscations, compressing, escapes and More
review
Web application Penetration Tester eXtreme
My Review of the eWPTXv2 by INE
Practical Network Penetration Tester
My Review about the 5 courses of TCM: PEH, OSINT, External Pentest, Linux Privesc and Windows Privesc
eLearnSecurity Certified Professional Penetration Tester
Here's my Review of the eCPPTv2 by INE
eLearnSecurity Junior Penetration Tester
Get your feet wet in Pentesting with eJPT from INE!
privesc
2 - AD Privesc
LAPS, gMSA and Constrained Deleg
6 - AD Privesc
Kerberos attacks, Delegations, Across Trusts escalation, ADCS and More
5 - Windows Privilege Escalation
Navigating Windows Privesc Techniques: Kernel Exploits, Impersonation, Registry, DLL Hijacking and More
4 - Linux Privilege Escalation
Exploring Linux Privesc Techniques: Kernel Exploits, SUDO, SUID, Scheduled Tasks, NFS Root Squashing and More
bof
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
1 - System Security
Low level stuff - Do not panic!
recon
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
2 - Network Security
Scans, Information Gathering, Vulnerabilities and more
osint
2 - Open-Source Intelligence (OSINT)
Collect Info about your Target: Images, Emails, Passwords, Usernames, Social Media and More
2 - Network Security
Scans, Information Gathering, Vulnerabilities and more
windows
5 - Windows Privilege Escalation
Navigating Windows Privesc Techniques: Kernel Exploits, Impersonation, Registry, DLL Hijacking and More
3 - Powershell
Learn to reduce your footprint and evade defense mechanisms
powershell
1 - Powershell
Starting with Powershell for AD Exploitation!
3 - Powershell
Learn to reduce your footprint and evade defense mechanisms
linux
4 - Linux Privilege Escalation
Exploring Linux Privesc Techniques: Kernel Exploits, SUDO, SUID, Scheduled Tasks, NFS Root Squashing and More
4 - Linux Security
About Linux: It's not OK, It's necessary! Peterson, Jordan.
external
3 - External Pentest Playbook
The full life cycle of an External Pentest: ROE, OSINT, Attacking Login Portals, Report, Client Debriefs and More
5 - Web App Security
XSS, SQLi, CSRF, Session Attacks and More
c2
Sliver C2
Starting with Sliver C2
6 - Movement, Pivoting and Persistence
Lateral Movement, Pivoting and Persistence using the C2 Covenant and Metasploit
enum
1 - AD Enumeration
Learn how to enumerate the Domain, ACLs, GPOs, Trusts and More
2 - Bloodhound
BloodHound is a versatile and powerful tool for AD enumeration and analysis.