Collaborate Disseminate
As the title says, in the rules of engagement I have my scope, used method, etc. but I’ve been wondering if I should also include a list of tools (such as NMAP, Dirb/Ffuf, etc.) that might be used.
And if not, how should I be transparent w… Continue reading In the RoE for a pentest, do you include a list of all tools?
This was covered in Linux PrivEsc, task 15, in this TryHackMe room.
I am having trouble understanding how this debugging mode is executing the commands in the PS4 variable, and why I must put /usr/local/bin/suid-env2 instead of another pat… Continue reading Abusing Shell Feature for Privilege Escalation
There is plenty of material online in various forms, including but not limited to books, certifications (such as OSCP), tutorials, CTFs, and platforms such as VulnHub.
The above all seem to mostly focus on internal penetration testing, wit… Continue reading Resources for conducting external penetration tests? [closed]
I need to perform a security audit/assessment on 4G LTE hardware equimements :
4G landline wireless phone (not android OS but with many features such as WiFi hotspot)
4G Wifi home router
Is there any standard/guideline/procedure (or any … Continue reading Is there any guideline or procedure for 4G hardware equipement (4G landline phone and home Wifi router) security audit/assessment?
Hello I have BeeBox running on a VirtualBox Machine, but when I try to connect to the IP of the machine from the browser of my host computer I cannot connect to it.
How can I solve it? So how can I setup bee-box so I can see the bee-box se… Continue reading BeeBox on VirtualBox cannot connect to server
I was given a standard non-admin user and a workstation to perform internal pentest assessment. To my surprise, I was able to open cmd prompt as administrator, use psexec and gain a SYSTEM shell giving me local admin access. Is it normal t… Continue reading Should a standard user in a AD domain be able to open cmd prompt as Administrator?
I want to use sqlmap to find SQL injection vulnerabilities.
The problem that I am currently facing is that I need to encode the body of the Request to hex, otherwise the request won’t work.
My request is as follows(I will only post the ess… Continue reading Sqlmap – Post Request with encoded json body
As the title suggests, my nessus scan determines there are a few open ports on my network, Yet when I try scanning the open ports in Nmap, most of them come up as filtered (with "REASON" = no-response).
I am able to access a webs… Continue reading Nessus scan shows open ports but Nmap showing filtered [closed]
Is it possible to run Responder as a flag in the proxychains program when I do some penetration testing activities, such as nmap and crackmapexec in the enumeration process?
Responder command example : sudo proxychains responder -i 192.168… Continue reading Run Responder using proxychains on a remote network
I tried to search for the phases of penetration testing, but I found lots of articles, and each article defines this in a different way, some have 5 phases, some 6, and others 7!
What I am looking for is an official or standard definition … Continue reading What are the official phases of penetration testing?