z-sec.co
Reverse Account Takeover via Email Rebinding Causing Forced Privilege De-Escalation
When we talk about account takeover, we usually imagine a familiar story: an attacker steals credentials, hijacks a session, or abuses password reset flows to log in as someone else. This write-up is about something more subtle — and arguably more da...
Jan 16 · 4 min read

z-sec.co
Guide to install Game of Active Directory (GOAD) on VMware_ESXI
Good day Mates! For quite some time, I have been intending to address this matter, albeit various commitments have continuously impeded its realization. Requirements For GOAD installation on ESXI you need to download the following tools create an ubu...
Mar 20, 2024 · 4 min read

z-sec.co
Exploring OSINTLEAK: Unraveling the Power of Enhanced OSINT Capabilities
Howdy mates, I wanted to write a short blog on OSINTLEAK, which is a very powerful OSINT platform. Unlike Dehashed, it has a larger database of leak contents, making it very useful for bug hunters, penetration testers, and red teamers. It offers nume...
Feb 16, 2024 · 2 min read

z-sec.co
Hacking Admin Panel & Getting free subscription
Note: For maintaining the program's privacy I won't disclose the program. So, a few months back I and Haseeb were hunting on a private program and the program is a services-based company that has paid services only. So the program had very limited as...
Mar 29, 2023 · 4 min read

z-sec.co
Certified Red Team Professional (CRTP) - Review
Hey All, this blog post is a review of CRTP certification by alteredsecurity which is one of the greatest certifications on red teaming and Active Directory pen-testing. If you want to learn or sharpen your Active Directory penetration testing skills...
Mar 3, 2023 · 2 min read