Search the Community

Practice Questions for Beginners ( For bug bounty Competition/Cyber security ) PicoCTF-Writeup For the sole purpose of proving people did stuff. On a side note... these are the writeups for the few questions we managed to complete. Side note x2: I don't think my team mates are going to add to this anymore but I'm going to also add in the questions that got solved after pico ended and be sad about the simplicity of some of them cough milk. Everything before this commit was solved before pico ended (if it matters) If you'd like to try some of these problems yourself, head on over to PicoGym! For all binary exploitation problems in this writeup, you can find a more detailed explanation here Questions General Skills Cryptography Web Exploitation Forensics Reverse Engineering Binary Exploitation Answers to the Questions : [Hidden Content]

This CLI framework is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on drone hacking. For ease of use, the interface has a layout that looks like Metasploit. [hide][Hidden Content]]

About this book The industrial cybersecurity domain has grown significantly in recent years. To completely secure critical infrastructure, red teams must be employed to continuously test and exploit the security integrity of a company's people, processes, and products. This is a unique pentesting book, which takes a different approach by helping you gain hands-on experience with equipment that you’ll come across in the field. This will enable you to understand how industrial equipment interacts and operates within an operational environment. You'll start by getting to grips with the basics of industrial processes, and then see how to create and break the process, along with gathering open-source intel to create a threat landscape for your potential customer. As you advance, you'll find out how to install and utilize offensive techniques used by professional hackers. Throughout the book, you'll explore industrial equipment, port and service discovery, pivoting, and much more, before finally launching attacks against systems in an industrial network. By the end of this penetration testing book, you'll not only understand how to analyze and navigate the intricacies of an industrial control system (ICS), but you'll also have developed essential offensive and defensive skills to proactively protect industrial networks from modern cyberattacks. [Hidden Content] [hide][Hidden Content]]

Android Pentesting & CTF [Hidden Content]

BlackStone project or “BlackStone Project” is a tool created in order to automate the work of drafting and submitting a report on audits of ethical hacking or pentesting. In this tool we can register in the database the vulnerabilities that we find in the audit, classifying them by internal, external audit, or wifi, in addition, we can put your description and recommendation, as well as the level of severity and effort for its correction. This information will then help us generate in the report a criticality table as a global summary of the vulnerabilities found. We can also register a company and, just by adding its web page, the tool will be able to find subdomains, telephone numbers, social networks, and employee emails… [hide][Hidden Content]]

Rekono combines other hacking tools and its results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions will be sent to the user via email or Telegram notifications and also can be imported into Defect-Dojo if advanced vulnerability management is needed. Moreover, Rekono includes a Telegram bot that can be used to perform executions easily from anywhere and using any device. Features Combine hacking tools to create pentesting processes Execute pentesting processes Execute pentesting tools Review findings and receive them via email or Telegram notifications Use Defect-Dojo integration to import the findings detected by Rekono Execute tools and processes from Telegram Bot Wordlists management Supported tools theHarvester EmailHarvester EmailFinder Nmap Sslscan SSLyze SSH Audit SMBMap Dirsearch GitLeaks Log4j Scanner CMSeeK OWASP JoomScan OWASP ZAP Nikto SearchSploit Metasploit [hide][Hidden Content]]

[hide][Hidden Content]]

The Advanced Penetration Testing Slides teaches the cyber attack lifecycle from the perspective of an adversary. Become more familiar with the most widely used penetration-testing tools, manipulate network traffic, and perform web application attacks such as cross-site scripting and SQL injection. [Hidden Content]

This isn't a new thing in the pentesting scene, it's been around for a while. I figured I'd post it here though 😉 If you don't use arch linux, be sure to read the supplied wiki for information on how to install and some basic usage. Try it out in a VM and have some fun 😛

API Security Projecto aims to present unique attack & defense methods in API Security field In this repository you will find: Mindmaps, tips & tricks, resources and every thing related to API Security and API Penetration Testing. Our mindmaps and resources are based on OWASP TOP 10 API, our expereince in Penetration testing and other resources to deliver the most advanced and accurate API security and penetration testing resource in the WEB!! [Hidden Content] [hide][Hidden Content]]

[hide] [Hidden Content]]

Description Learn about Web 3 Security and How to identify vulnerabilities in Smart Contracts for Pentesting & Bug Bounties. Here’s a more detailed breakdown of the course content: In all the sections we will start the fundamental principle of How the attack works, Exploitation and How to defend from those attacks. In this course you will learn about : What is Blockchain What are DApps What is a smart contract LAB setup to pentest smart contracts Metamask and its usage Installation of Hardhat Setup Remix IDE Practical on Functions in Remix Practical on View and Pure Functions in Solidity Mappings in solidity Deploying a smart contract Security Vulnerabilities in solidity Practical Example of Integer Overflow and Underflow How to find issues using Ethernaut Playground Selfdestruct in Solidity Fallback Functions Force Challenge Reentrancy Issues Private Variables in Solidity Using Hardhat for testing smart contracts An example PoC on the Parity Wallet Hack How to hunt on Web 3 bug bounty platforms like Immunefi & Hackenproof How to write a professional report With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we’ll respond to you as soon as possible. Notes: This course is created for educational purposes only and all the websites I have performed attacks are ethically reported and fixed. Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law, the author doesn’t hold any responsibility. Who this course is for: Beginners who wants to learn DApps Security Beginners who wants to learn about Smart Contract Audits Beginners who wants to learn about Web 3.0 Basics Beginners who wants to learn about identifying security vulnerabilities in DeFI Requirements No Programming Experience Required Basics foundations of usage of computer systems [Hidden Content] [Hidden Content]

Advanced methods of PenTesting with practicals. [hide][Hidden Content]]

ShotDroid is a pentesting tool for android. There are 3 tools that have their respective functions: Android Files : Get files from Android directory, internal and external storage (Images, Videos, Whatsapp, ..) Android Keylogger : Android Keylogging Keyboard + Reverse Shell. Take Face Webcam : Take face shot from the target phone's front camera and PC webcam. Features Hide apps in android files. Custom android directory. For Android Keylogger -> you can see it here: Simple-keyboard or LokiBoard. Automatic html template in take face webcam. Custom html or custom your html folder in take face webcam tool. etc. [hide][Hidden Content]]

WordPress webshell plugin for RCE A webshell plugin and interactive shell for pentesting a WordPress website. Features Webshell plugin for WordPress. Execute system commands via an API with ?action=exec. Download files from the remote system to your attacking machine with ?action=download. [hide][Hidden Content]]

Reconator is a Framework for automating your process of reconnaissance without any Computing resource (Systemless Recon) free of cost. Its Purely designed to host on Heroku which is a free cloud hosting provider. It performs the work of enumerations along with many vulnerability checks and obtains maximum information about the target domain. It also performs various vulnerability checks like XSS, Open Redirects, SSRF, CRLF, LFI, SQLi, and much more. Along with these, it performs OSINT, fuzzing, dorking, ports scanning, nuclei scan on your target. Reconator receives all the targets that need to be reconed via a Web Interface and adds into the Queue and Notifies via Telebot on start and end of Recon on a target. So this is 100% automated and doesn’t require any manual interaction. 🔥 Features 🔥 Systemless Recon 100% Free Fast scan and Easy to use Permanent storage of Results in DB Notification support via Telegram bot Fully Automated Scanner Easy access via Web UI Queue support allows to add many targets Easy Deploy Easy Recon Runs 24/7 for 22 Days [Heroku – 550 hrs/month free] [hide][Hidden Content]]

This CLI framework is based on sploitkit and is an attempt to gather hacking techniques and exploits especially focused on drone hacking. For ease of use, the interface has a layout that looks like Metasploit. [hide][Hidden Content]]

Active Directory Pentesting With Kali Linux – Red Team Attacking and Hacking Active Directory With Kali Linux Full Course – Red Team Hacking Pentesting What you’ll learn How to Use Metasploit to Exploit Active Directory How to Use Empire to Exploit Active Directory How to Use Evil-WinRM to Exploit Active Directory How to Use CrackMapExec to Exploit Active Directory How to Exploit Active Directory From Windows How to Do Active Directory Enumeration How to do Lateral Movement Active Directory Post Exploitation Active Directory Domain Privilege Escalation Active Directory Persistence Attacks How to use Kali Linux to hack Active Directory How to use nmap to Enumerate Servers How to exploit EternalBlue Requirements How Active Directory Work Windows Server Experience Description Most enterprise networks today are managed using Windows Active Directory and it is imperative for a security professional to understand the threats to the Windows infrastructure. Active Directory Pretesting is designed to provide security professionals to understand, analyze and practice threats and attacks in a modern Active Directory environment. The course is beginner friendly and comes with a walkthrough videos course and all documents with all the commands executed in the videos. The course is based on our years of experience of breaking Windows and AD environments and research. When it comes to AD security, there is a large gap of knowledge which security professionals and administrators struggle to fill. Over the years, I have taken numerous world trainings on AD security and always found that there is a lack of quality material and specially, a lack of good walkthrough and explanation. The course simulate real world attack and defense scenarios and we start with a non-admin user account in the domain and we work our way up to enterprise admin. The focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities. We cover topics like AD enumeration, tools to use, domain privilege escalation, domain persistence, Kerberos based attacks (Golden ticket, Silver ticket and more), ACL issues, SQL server trusts, and bypasses of defenses. Attacking and Hacking Active Directory With Kali Linux Full Course – Read Team Hacking Pentesting Who this course is for: Students who would love to become an Active Directory Pentesting Expert Students who would love to learn how to Attack Active Directory Students who would love a Job as a Red Team [Hidden Content] [hide][Hidden Content]]

Curso de Hacking Ético y Pentesting con KALI LINUX 2021 - Aprende Ciberseguridad Desde Cero!! 51 vídeos [hide][Hidden Content]]

View File Advanced Ethical Hacking : Network and Web PenTesting Courses Collection [7GB] Advanced Ethical Hacking : Network and Web PenTesting Courses Collection PART : 1 What you'll learn? Network Hacking Wireless Hacking Router Hacking Mobile Phones Hacking And Many More........ -------------------------------------------------------------- Requirements:- VirtualBox 8 GB RAM for setting up the Labs Wireless Router At the end, we require you to please, have DISCIPLINE. Do not try to attack what you don't own and/or what you are not allowed to. Download Link: Free for users PRIV8 Submitter dEEpEst Submitted 31/10/21 Category Libro Online Password ********  

Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process of Intranet penetration Viper integrates basic functions such as bypass anti-virus software, intranet tunnel, file management, command line and so on Viper has integrated 80+ modules, covering Resource Development / Initial Access / Execution / Persistence / Privilege Escalation / Defense Evasion / Credential Access / Discovery / Lateral Movement / Collection and other categories Viper's goal is to help red team engineers improve attack efficiency, simplify operation and reduce technical threshold Viper supports running native msfconsole in browser and multi - person collaboration v1.5.2 20211007 Optimization Login page multilingual support Merged metasploit-framework 6.1.9 [hide][Hidden Content]]

Evil-WinRM This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol. A standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985), of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but most of its features are focused on hacking/pentesting stuff. Features Command History WinRM command completion Local files completion Upload and download files List remote machine services FullLanguage Powershell language mode Load Powershell scripts Load in memory dll files bypassing some AVs Load in memory C# (C Sharp) compiled exe files bypassing some AVs Colorization on output messages (can be disabled optionally) Changelog v3.3 Fixed missing output messages for Invoke-Binary Extracted AMSI bypass from the menu to avoid menu problems due to M$ AV signatures Dynamic AMSI bypass implemented to avoid AV signatures [hide][Hidden Content]]

Evil-WinRM This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol. A standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985), of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but most of its features are focused on hacking/pentesting stuff. Features Command History WinRM command completion Local files completion Upload and download files List remote machine services FullLanguage Powershell language mode Load Powershell scripts Load in memory dll files bypassing some AVs Load in memory C# (C Sharp) compiled exe files bypassing some AVs Colorization on output messages (can be disabled optionally) Changelog v3.2 Fixed minor duplicated code problem Dockerfile improvements Amsi bypass update [hide][Hidden Content]]

CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions. CME makes heavy use of the Impacket library (developed by @asolino) and the PowerSploit Toolkit (developed by @mattifestation) for working with network protocols and performing a variety of post-exploitation techniques. Although meant to be used primarily for offensive purposes (e.g. red teams), CME can be used by blue teams as well to assess account privileges, find possible misconfiguration, and simulate attack scenarios. CrackMapExec is developed by @byt3bl33d3r This repository contains the following repositories as submodules: Impacket Pywinrm Pywerview PowerSploit Invoke-Obfuscation Invoke-Vnc Mimikittenz NetRipper RandomPS-Scripts SessionGopher Mimipenguin Changelog v5.1.7dev 💫 Features 💫 Add module MachineAccountQuota.py to retrieves the MachineAccountQuota domain-level attribute related to the current user @p0dalirius Add module get-desc-users Get the description of each users and search for password in the description @nodauf Add module mssql_priv to enumerate and exploit MSSQL privileges @sokaRepo Add option --password-not-required to retrieve the user with the flag PASSWD_NOTREQD @nodauf Add custom port for WinRM Switch from gevent to asyncio Shares are now logged in the database and can be queried You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan Add better error message on LDAP protocol Add more options to LDAP option --groups option --users option --continue-on-success Add additional Info to LDAP Kerberoasting Account Name Password last set Last logon Member of Bump lsassy to latest version 2 Add new option --amsi-bypass to bypass AMSI with your own custom code Add module LAPS to retrieve all LAPS passwords Add IPv6 support Add improvment when testing null session for the output Remove thirdparty folder 🥳 🔧 Issues 🔧 Fix spelling mistakes Rename options EXT and DIR to EXCLUDE_EXTS EXCLUDE_DIR on spider_plus module Fix MSSQL protocol (command exec with powershell and enum) thanks @Dliv3 Fix module Wireless Fix issue with --pass-pol for Maximum password age Fix encoding issue with spider option [hide][Hidden Content]]