Collaborate Disseminate
Suppose a domain user has a GenericAll permission on a machine account, but the computer tied to that machine account is inaccessible, and that same machine account has a GenericAll privilege over a Domain Admin user account. Is it possibl… Continue reading How to leverage GenericAll privilege on a machine account without RBCD?
I recently start to learning some Ethical Hacking, to do pentesting, and i was looking for some advices from the community and some techniques in "deserialization vulnerabilities" on web applications.
Continue reading How far can we go with deserialization vulnerabilities
I am an aspiring pen-tester and am trying to learn the basic skills. I recent got a new asus laptop and it will not list aps when i run airodump. I am using Parrot OS if that is any help. My other laptop would list them(Also running Parrot… Continue reading How to fix airodump-ng [interface] not displaying aps
I’m trying to perform a pentest on a VPN server.
I’m trying to find a way to intercept, decrypt and manipulate the DTLS traffic between the VPN client and server – Burp suite style.
In the VPN client, I can enter a server IP address to con… Continue reading Penetration testing a VPN client DTLS traffic?
I’m trying to perform a pentest on a VPN server.
I’m trying to find a way to intercept, decrypt and manipulate the DTLS traffic between the VPN client and server – Burp suite style.
In the VPN client, I can enter a server IP address to con… Continue reading Penetration testing a VPN client DTLS traffic? [closed]
The vast majority of resources out there about penetration testing applications is about web and mobile applications; in some cases there are resources about so-called "native applications" which compile to machine code (such as … Continue reading What are some effective strategies to pentest a native code library?
I’m doing an internship, and I’m in the process of implementing automated pentests. However, I also want to research some best practices for implementing automated pentest and document these for the company that I’m working for. I already … Continue reading Best practices implementing automated pentesting [closed]
Assuming that a small office where basic security hygiene is already applied wants to improve their security posture, would such an office benefit from a technical internal pentest ?
Such an office’s network would be rather simple : a Doma… Continue reading What added value would an internal technical pentest have for a small barebones office with basic protections?
Recently, I noticed several resources that may be in danger, but I did not find a feedback form or email or another way to contact the owner and warn. How can I notify the owners?
DoS seems to me a noticeable, but in a very rude way to pay… Continue reading How to inform the owner of a site about a vulnerability if there is no feedback form? [closed]
I am doing some research in order to select a commercial Penetration Testing Platform which can test Web Apps, Networks and Clients.
As a final stage, I want to incorporate this Penetration Testing Platform inside another platform custom p… Continue reading Opinions for the best Pentesting platform [closed]