Recently Updated Pages

In the Potato family, I want them all

Back in 2016, an exploit called Hot Potato was revealed and opened a Pandora's box of local privi...

Active Directory

This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...

Active Directory - Python edition

This cheatsheet is built from numerous papers, GitHub repos and GitBook, blogs, HTB boxes and lab...

Active Directory Certificate Services

It is a cheatsheet about the different AD-CS attacks presented by SpecterOps. All the references ...

CSP Series

1. Intro CSP (Content Security Policy) is in place to mitigate some attacks, such as XSS,...

SSRF Series

1. INTRO SSRF (Server-Side Request Forgery: server-side request forgery) is a fake exploit server...

Bug Bounty

Obtain subdomains and links from the target host: for h in $(cat hosts.txt); do curl -siL https:...

[FR] Decentralized Identifiers (DIDs)

Reminders Identity and Access Management (IAM) There are currently 3 main forms of management ...

[FR] Linux capabilities system

Introduction and general principles of capabilities When you want to launch a process with c...

Spawning TTY Shells

Shell Spawning Python python -c 'import pty; pty.spawn("/bin/sh")' python3 -c 'import pty; pty...

Reverse shells

Listener Before any reverse shell, you need to set up the listener, which will listen to a port a...

Cache Poisoning

What is it ? Cache poisoning was popularized in 2018, although this attack existed long before, a...

Cobalt Strike Process Injection

0x01 Intro Here are my thoughts on process injection and share some technical details about Coba...

Pivoting

This page will present a series of commands to pivot through domains during Pentest and Red Team o...

How to Hide Your CobaltStrike

CobaltStrike Overview Cobalt Strike is the most prevalent threat emulation software packages use...

NorthSec 2021 Badge Writeup

To learn more about the badge itself and the development behind the scenes I would recommend wa...

NahamCon CTF 2020 Writeup

NahamCon CTF 2020 Writeup URL: https://ctf.nahamcon.com/challenges I got bored on the weekend a...

Direct system call injection process to avoid anti-kill

The content is as titled. This is also a technology I have used for a long time. I have also pos...

Members

mxrch Passionate about computing and security since always, I'm also interested in AI, blockchai...

HackTM CTF 2020 Writeup

Since the CTF is still active I won't be dropping the flags. You can follow along and complete the...