b1d0wsb1d0ws.hashnode.dev·Nov 19, 2024AppSec Project - Chapter 4, SAST Tools and ContainerizationIntroduction Hello! Today, we’ll explore testing various SAST tools to evaluate their effectiveness in helping us secure our application. Additionally, we’ll containerize our app and make final adjustments to bring the project to completion. Our bran...Discuss·104 readspentesting
Akbar Qureshiakbaur.hashnode.dev·Nov 5, 2024LLM Leaks via Adversarial Prompt AttacksWith the growing popularity and adoption of artificial intelligence (AI) technologies many organizations are using large language models (LLMs) with access to internal private data without fully understanding the associated risks and attack vectors. ...DiscussArtificial Intelligence
b1d0wsb1d0ws.hashnode.dev·Oct 29, 2024AppSec Project - Chapter 2, Manually fixing more vulnerabilitiesIntroduction Hello, and welcome to chapter 2 of our AppSec project! If you're not up to speed with what's going on, be sure to start with chapter 1. Today, we'll continue our journey of manually fixing vulnerabilities. Without further delay, let's st...Discuss·155 readsPostsSecurity
Reza Rashidiblog.redteamguides.com·Oct 4, 2024The Last Dance with msfvenommsfvenom is a versatile payload generator and encoder tool within the Metasploit framework, crucial for crafting malicious payloads in penetration testing and red teaming exercises. It combines the capabilities of msfpayload and msfencode into one st...Discuss·597 readsmetasploit
walkerw4lk3r-blog.hashnode.dev·Oct 3, 2024Red Team Diaries: #1Intro Ever wondered how adversaries move from zero domain access to domain admin ??? As a Penetration Tester / Red Team Operator I’ve been doing exactly that For the past 3 years. starting from basic recon and escalating all the way to domain/enterpr...Discuss·2 likes·78 readsRed Team Diaries#assumebreach
b1d0wsb1d0ws.hashnode.dev·Oct 1, 2024OSWE: A Detailed ReviewIntroduction Hello! In this article, I'm going to share my journey towards OSWE certification, in the hope that it can help you in some way. As I'm going to be long-winded, if you prefer a quick answer, I recommend using the table of contents to go d...Discuss·174 readsPosts#cybersecurity
Akbar Khanakbarkhan.hashnode.dev·Sep 25, 2024Extracting NTLM Hashes with Mimikatz: A Step-by-Step Approach.Mimikatz is a powerful post-exploitation tool used by penetration testers, security researchers, and cyber attackers to interact with the Windows security model. Developed by Benjamin Delpy, it's widely known for its ability to extract plaintext pass...Discuss·1 like·197 readsmimikatz
Reza Rashidiblog.redteamguides.com·Sep 19, 2024Resetting Hardware for Red TeamerIn the realm of Red Team operations, one advanced technique involves exploiting hardware reset functionalities to disrupt critical systems and gain unauthorized access. This approach capitalizes on the inherent vulnerability of various devices to fac...Discuss·832 readsredteaming
Akbar Khanakbarkhan.hashnode.dev·Sep 17, 2024Windows Endpoint Persistence Tactics - Part 1Objective After gaining the first foothold on your target's internal network, you'll want to ensure you don't lose access to it before actually getting to the crown jewels. Establishing persistence is one of the first tasks we'll have as attackers wh...Discuss·36 readsredteaming
Akbar Khanakbarkhan.hashnode.dev·Sep 7, 2024Weaponizing PowerShell: Unleashing the Red Team's Tactical Edge - Part 1PowerShell (PSH) PowerShell is an object-oriented programming language executed from the Dynamic Language Runtime (DLR) in .NET, with some exceptions for legacy uses. It is a powerful tool often leveraged by red teamers for various activities, such a...DiscussPowershell