offensive
Web attacks payloads collections
a collection of commonly used payloads needed for web application testing (fuzzing), the payloads have been collected from different resources and will…
offensive
Bypass Symantec Email Security.cloud
During attack Simulation, you may face Symantec Email Security Cloud (Message Lab ) while conducting a phishing campaign. Message Lab stops known…
offensive
unique attacks with 0xsp mongoose red
In this blog, I am going to explain some of the unique features of 0xsp mongoose, which I am sure most of…
offensive
offensive cheatsheet
Gathering information Stage port scanning Nmap Network exploration tool and security/ port scanner nmap [Scan Type] [Options] {target specification} HOST DISCOVERY: -sL:…
security research & development (SRD)
Covert DNS C&C for Red teaming Ops
introduction DNS is one of the core services of the current Internet. It is used not only for obvious benign purposes but…
security research & development (SRD)
Footprints of Mailgun Phishing Campaigns
Introduction Recently Mailgun security team published an article on their blog warning internet users about new scammed email messages targeting users and…
security research & development (SRD)
Smuggling via Windows services display name – Lateral movement
Introduction During red teaming operation, Lateral movement or known as an east-west movement refers to the technique to move deeper into a…
security research & development (SRD)
Local administrator is not just with Razer.. it is possible for ALL
There is more? Recently a Security researcher @jonhat discovered a zero-day vulnerability in the plug-and-play Razer Synapse installation that allows users to…
offensive
handy techniques to bypass environment restrictions
through a red teaming assessment you may face some of the restrictions due to policy enforcement / EDR / app whitelisting ..etc.,…
offensive
Gophish on Digital Ocean with Blacklist Range
Intro Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. This user guide…