1l.rocks · 1l.rocks · Oct 18, 2024
Getting started or finishing the OSCP (PEN-200) course
Introduction First of all, I’d like to share that I have submitted my exam and the report. From now on, it's just waiting for the results and praying that the results are good. The paranoia is getting there. NOTE: I did receive the certificate :) The...
pen200

Yunis Mohamed · albaharyhacks.hashnode.dev · Oct 7, 2024
My Journey Into Cybersecurity
Hi, I’m Yunis Mohamed, an aspiring offensive security professional passionate about safeguarding the digital world. My journey into cybersecurity is fueled by curiosity, a commitment to protection, and a belief in our collective role in creating a sa...
10 likes · cybersecurity

Akbar Khan · akbarkhan.hashnode.dev · Sep 7, 2024
Weaponizing PowerShell: Unleashing the Red Team's Tactical Edge - Part 1
PowerShell (PSH) PowerShell is an object-oriented programming language executed from the Dynamic Language Runtime (DLR) in .NET, with some exceptions for legacy uses. It is a powerful tool often leveraged by red teamers for various activities, such a...
Powershell

Chioma Ibeakanma · chiomaibeakanma.hashnode.dev · Aug 15, 2024
Account Takeover via Password Reset (Disclosed Tokens)
Account takeover (ATO) vulnerabilities occur when an attacker gains unauthorized access to a user's account. One common vector for ATO vulnerabilities is through the password reset functionality. In this article, we will explore how vulnerabilities c...
21 likes · 51 reads · Vulnerabilities with Chioma Ibeakanma · penetration testing

Joao Paulo Guedes · th3g3ntl3m4n.hashnode.dev · Jul 14, 2024
Baby - Vulnlab
Enumeration We started executing a full port scan on the host. ╭─[us-free-3]-[10.8.2.220]-[th3g3ntl3m4n@kali]-[~/vulnlab/baby] ╰─ $ sudo nmap -v -sS -Pn -p- 10.10.98.130 --min-rate=300 --max-rate=500 Now, we execute a port scan only on the open por...
jpfdevs cybersec

Blessing Mufaro Kashava · thecyberstash.hashnode.dev · Jul 10, 2024
PNPT Certification Review
Foreword While many articles discuss TCM Academy’s PNPT certification, I felt compelled to write my own review. Exceptional work deserves continuous praise and acknowledgment. This concise review aims to share my personal sentiments about the certifi...
61 reads · Cybersecurity Insight · infosec

Rushikesh Patil · offensivebytes.com · Jun 30, 2024
Offensive Kubernetes: Pentesting from the Internet
Introduction: Over the past few months, I have been reading, researching, and studying Kubernetes and Docker. These technologies are pivotal in modern DevOps practices, providing scalable and resilient environments for deploying applications. In this...
168 reads · offensive-security

Rushikesh Patil · offensivebytes.com · May 7, 2024
Breaking Point: How Browser Breakpoints Can Unmask Encryption and Compromise Security
Introduction: Have you ever explored the depth of tools available within your browser's developer console? Among these tools, breakpoints stand out as a powerful feature for debugging, but they also unveil significant insights into a web application'...
1 like · 439 reads · offensive-security

Rushikesh Patil · offensivebytes.com · May 5, 2024
Peeling Back the Layers: Unmasking Hidden Secrets in JavaScript Code
Hey there! Today, let's go on a little adventure into the world of website secrets. Imagine this: if you add ?_debug=1 to the end of a JavaScript (.js) page's address, it's like unlocking a hidden door. We'll explore a cool security trick that makes a...
38 reads · bugbounty

Rushikesh Patil · offensivebytes.com · May 5, 2024
Exploiting Exposed Encryption Keys in Web Applications
Introduction: During a recent penetration testing engagement, I identified a critical security issue: exposed encryption keys in a web application's client-side JavaScript. This vulnerability is particularly severe as it enables attackers to decrypt ...
62 reads · offensive-security