In this article we will look on 12 free and open-source vulnerability scanners for CMS (Content Management System) such as WordPress, Joomla, Drupal, Moodle, Typo3 and similar publishing platforms. We will look on Droopescan, CMSmap, CMSeeK, WPXF, WPScan, WPSeku, WPForce, ...

In this post, we will be introducing a new minimalistic tool for local privilege escalation attacks in Microsoft Windows systems. The tool is called localbrute.ps1 and it is a simple local Windows account brute force tool written in pure PowerShell ...

This article contains a list of PowerShell commands collected from various corners of the Internet which could be helpful during penetration tests or red team exercises. The list includes various post-exploitation one-liners in pure PowerShell without requiring any offensive (= ...

Did you know that there are over 350 post exploitation modules in the current Metasploit Framework version that comes pre-installed on the Kali Linux? How many of them do you use during your penetration testing activities? If you are like ...

In this article, we will look on the top 20 vulnerabilities and misconfigurations of the Microsoft Azure cloud that are commonly found during credentialed security audits and architecture reviews. Information in this post can hopefully aid security architects, auditors and ...