We get some info like the server’s FQDN, DNS, Netbios name etc.. So I’ll begin my recon from the web services (that’s the trend, right?) as the web is the best attack vector. However, I wasted a ton of time on the other rabbit holes like the .NET framing service, mysql b...
After this achievement I got stuck for quite a while, enumerating the whole box and other stupid stuff. But then, a friend of mine told me to look at the head of the script again. (Well, of course, I was dumb to spot it myself). That's when I came across this excellent post by...
Theft On The Web: Prevent Session Hijacking Beat Hackers At Their Own Game With A Hackerbasher Site The Day After: Your First Response To A Security Breach Mixing It Up: Windows, UNIX, And Active Directory Yes, You Can! Secure Your Mac On A Windows Network ...
Before someone had to sneak into the offices to filter documents [2]. A gun was needed to rob a bank. Nowadays you can do it from the bed with a laptop in his hands [3] [4]. As the CNT said after the Hacking of Gamma Group: "We will try to take a step further with new for...
certgraph - An open source intelligence tool to crawl the graph of certificate Alternate Names second-order - Second-order subdomain takeover scanner gOSINT - OSINT Swiss Army Knife goWAPT - Go Web Application Penetration Test amass - In-depth DNS Enumeration and Network Mapping merlin -...
9/ Have elections where the media has almost no power.10/ Elect a new government at any time, whenever 50% of the people assembles in the streets.Ballot box corruption is 1,000x bigger than vote buyingVote buying and voter intimidation involve individual ballots. While ballot box stuffing ...
block ICMP, but it is surprising how often administrators forget to ensure that it is actually disabled. No response should even be sent. While this does not really stop enumeration, it makes it marginally more difficult since the attacker needs to rely on custom tools, such as port scanners...
block ICMP, but it is surprising how often administrators forget to ensure that it is actually disabled. No response should even be sent. While this does not really stop enumeration, it makes it marginally more difficult since the attacker needs to rely on custom tools, such as port scanners...