Recently Updated Pages

Back in 2016, an exploit called Hot Potato was revealed and opened a Pandora's box of local privi...

This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...

This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...

It is a cheatsheet about the different AD-CS attacks presented by SpecterOps. All the references ...

1. Intro CSP (Content Security Policy) is there / in-place to mitigate some attacks, such as xss,...

1. INTRO SSRF (Server-Side Request Forgery: server-side request forgery) is a fake exploit server...

Obtain subdomains and links from the target host: for h in $(cat hosts.txt); do curl -siL https:...

Rappels Identity and Access Management (IAM) Il existe actuellement 3 grandes formes de Gestion ...

Introduction et principes généraux des Capabilities Lorsque l’on veut lancer un processus avec c...

Shell Spawning Python python -c 'import pty; pty.spawn("/bin/sh")' python3 -c 'import pty; pty...

Listener Before any reverse shell, you need to set up the listener, which will listen to a port a...

What is it ? Cache poisoning was popularized in 2018, although this attack existed long before, a...

0x01 Intro Here are my thoughts on process injection and share some technical details about Coba...

This page will present a serie of commands to pivot through domains during Pentest and Red Team o...

CobaltStrike Overview Cobalt Strike is the most prevalent threat emulation software packages use...

To learn more about the badge itself and the development behind the scenes I would recommend wa...

NahamCon CTF 2020 Writeup URL: https://ctf.nahamcon.com/challenges I got board on the weekend a...

The content is as titled. This is also a technology I have used for a long time. I have also pos...

mxrch Passionate about computing and security since always, I'm also interested in AI, blockchai...

Since the CTF is still active I wont be dropping the flags. You can follow along and complete the...