Recently Updated Pages
System Center Configuration Manager
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...
[EN] Zipper (Hard)
What you will learn: API to RCE Funky shell magic to get a stable environment Abusing SUID binar...
Bug Bounty - Content Discovery / Recon
Obtain subdomains and links from the target host: for h in $(cat hosts.txt); do curl -siL https:/...
[FR] Système des capabilities Linux
Introduction et principes généraux des Capabilities Lorsque l’on veut lancer un processus avec ce...
HideAndSec
Nous sommes un groupe de passionnés d'informatique, de sécurité web, logiciel, IoT, analyse de bi...
MDT, where are you?
TLDR Search for the intellimirrorSCP object class and its netbootServer attribute to find a WDS s...
Active Directory
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...
Active Directory Certificate Services
It is a cheatsheet about the different AD-CS attacks presented by SpecterOps. All the references ...
Active Directory - Python edition
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...
Pivoting
This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...
[FR] Decentralized Identifiers (DIDs)
Rappels Identity and Access Management (IAM) Il existe actuellement 3 grandes formes de Gestion ...
In the Potato family, I want them all
Back in 2016, an exploit called Hot Potato was revealed and opened a Pandora's box of local privi...
CSP Series
1. Intro CSP (Content Security Policy) is there / in-place to mitigate some attacks, such as xss,...
SSRF Series
1. INTRO SSRF (Server-Side Request Forgery: server-side request forgery) is a fake exploit server...
Spawning TTY Shells
Shell Spawning Python python -c 'import pty; pty.spawn("/bin/sh")' python3 -c 'import pty; pty...
Reverse shells
Listener Before any reverse shell, you need to set up the listener, which will listen to a port a...
Cache Poisoning
What is it ? Cache poisoning was popularized in 2018, although this attack existed long before, a...
[FR] Zipper (Hard)
Ce que vous allez apprendre : API vers RCE De la magie pour obtenir un shell stable Abus des...
Cobalt Strike Process Injection
0x01 Intro Here are my thoughts on process injection and share some technical details about Coba...
How to Hide Your CobaltStrike
CobaltStrike Overview Cobalt Strike is the most prevalent threat emulation software packages use...