This article contains a list of PowerShell commands collected from various corners of the Internet which could be helpful during penetration tests or red team exercises. The list includes various post-exploitation one-liners in pure PowerShell without requiring any offensive (= potentially flagged as malicious) 3rd party modules, but also a bunch of handy administrative commands. […]
PowerShell Commands for Pentesters Read More »
This is another dose of bug bounty tips from the bug hunting community on Twitter, sharing their knowledge for all of us to help us find more vulnerabilities and collect bug bounties. This is the 8th part and in each part we are publishing 10 or more tips. Let’s start! 1. Intercepting traffic on iOS13
Bug Bounty Tips #8 Read More »
Let me ask you a question: If big corporations, businesses and organizations around the world have SOC (Security Operations Center) monitoring their networks 24/7/365, how is it possible that data breaches still happen? How is it possible that adversaries (APT groups, cyber criminals etc.) break their perimeter and exploit weaknesses in their networks, undetected? In
Security Operations Center: Challenges of SOC Teams Read More »
In this article, we will look on the top 20 vulnerabilities and misconfigurations of the Microsoft Azure cloud that are commonly found during credentialed security audits and architecture reviews. Information in this post can hopefully aid security architects, auditors and other professionals in assessment of the security posture of a given Azure cloud environment. Introduction
Top 20 Microsoft Azure Vulnerabilities and Misconfigurations Read More »
This is a quick howto post that can help not only penetration testers, but also network engineers, administrators and other specialists who work with network equipment, old storages, embedded systems, kiosk devices, and variety of other legacy systems with SSH interface (tcp/22). We are going talk about SSH compatibility issues and those pesky SSH unable
Solution for SSH Unable to Negotiate Errors Read More »
This page contains a list of PowerShell snippets and cmdlets for penetration testing in pure PowerShell without using any additional modules. These cmdlets are useful in restricted environments where command line utilities such as net.exe, ipconfig.exe, netstat.exe, findstr.exe and others are blocked and our ability to introduce arbitrary code into the environment is limited. Essentials
Pure PowerShell Infosec Cheatsheet Read More »
