In the realm of cybersecurity, network scanning tools play a vital role in reconnaissance and vulnerability assessment. Among the array of options available, Rustscan has emerged as a formidable contender, offering speed, efficiency, and versatility that distinguish it from traditional tools like Nmap. Table of Contents What sets Rustscan apart? Advantages of Rustscan over Nmap Usage (Docker) Installation and Usage (Standalone) Rustscan flags Conclusion What sets Rustscan apart? Rustscan is an open-source network scanner developed in the Rust programming language. Its lightweight design, opt ..read more

Pentesters rely on a variety of tools to establish connections and maintain access during security assessments. One critical component of their toolkit is the listener—a program that listens for incoming connections and facilitates communication with compromised systems.  In this blog post, we’ll delve into different listener options, exploring features and use cases for popular tools such as Netcat, Rlwrap, Rustcat, Pwncat and Windows ConPty shell. Table of Content Reverse Shell Generator Netcat for Beginners Rlwrap for OSCP Rustcat for OSCP Pwncat for Read Teamers Windows ConPty for OS ..read more

Introduction Shellcodes are machine instructions that are used as a payload in the exploitation of a vulnerability. An exploit is a small code that targets a vulnerability. Shellcodes are written in assembly. We generally refer to sites like shell-storm.org to get shellcodes and attach them to our exploits. But how can we make our shellcodes? This series of articles focuses on creating our shellcodes. In Part 1, we’d be understanding basic assembly instructions, writing our very first assembly code, and turning that into a shell code. Table of Content Understanding CPU Registers First Assembl ..read more

This comprehensive guide delves into the intricacies of Lateral Movement utilizing Ligolo-Ng, a tool developed by Nicolas Chatelain. The Ligolo-Ng tool facilitates the establishment of tunnels through reverse TCP/TLS connections using a tun interface, avoiding the necessity of SOCKS. This guide covers various aspects, from the tool’s unique features to practical applications such as single and double pivoting within a network. Download Ligolo-Ng: Ligolo-Ng can be downloaded from the official repository: Ligolo-Ng Releases. Table of Contents: Introduction to Ligolo-Ng Ligolo V/S Chisel Lab Set ..read more

In order to protect online assets, web application security testing is an essential element of safeguarding them. Burp Suite has been a leader in this area for many years and it’s still being used by safety professionals as well as Ethical hackers. One of those extensions that stands out in the web security testing community is “Autorize”, which comes with a wide variety of additional features to improve its capabilities. A powerful set of features that simplify the authentication and authorization testing process is available with this extension. Autorize = Authenticate + Authorize Authorizat ..read more

In this article, we will learn how to get a reverse in a few easy steps. Usually, the problem when reverse shell commands is to remember its long and complicating syntax. But due to growing AI of our digital world, this problem tackled and dealt with. Let’s see how it is done through this article. Table of Content What is Reverse Shell? Types of Reverse Shell Working of Reverse Shell Reverse Shell Generator – 1 Reverse Shell Generator – 2 Hack tool Shellz Mitigation What is Reverse Shell? A reverse shell is a technique used in computer security and hacking that allows an attacker to gain con ..read more

In this article, we will learn how to customise the Firefox browser for efficient pen-testing along with extensions you can use for the same purpose. Table of Contents: Introduction Understanding the Role of the Browser in Penetration Testing Extensions for efficient pen-testing Wappalyzer Foxyproxy Hacktool Hackbar Tamper data User-agent Switcher Cookie editor Temp mail Built with Conclusion Mindmap Introduction In the ever-evolving landscape of cybersecurity, penetration testing stands as a crucial pillar of defence against the relentless onslaught of cyber threats. Penetration testers, of ..read more

Introduction Serialization gathers data from objects, converts them to a string of bytes, and writes them to disk. The data can be deserialized and the original objects can be recreated. Many programming languages offer a way to do this including PHP, Java, Ruby and Python (common backend coding languages in web). Let’s talk about serialization in Python. In Python, when we use the pickle module, serialization is called “pickling.” Table of content Serialization in Python Serialization in Web Applications Over Pickling Python YAML vs Python Pickle Mitigation Demonstration Conclusion Serializ ..read more

Introduction According to MITRE, an adversary may abuse Active Directory authentication encryption properties to gain access to credentials on Windows systems. The AllowReversiblePasswordEncryption property specifies whether reversible password encryption for an account is enabled or disabled. By default, this property is disabled (instead of storing user credentials as the output of one-way hashing functions) and should not be enabled unless legacy or other software requires it. MITRE TACTIC: Credential Dumping (ID: TA0006) MITRE Technique Modify Authentication Process (T1556) MITRE SUB ID ..read more

Background of Port forwarding Port forwarding in a computer network, also known as port mapping of network address transition (NAT), redirects a communication request from one address and port number combination to another while packets traverse a network gateway such as a firewall or a router. It is used to keep unwanted traffic off. A network administrator uses one IP address for all external communications on the internet while dedicating multiple servers with different IPS and ports internally to do various tasks based on organization requirements. Table of content Introduction to Chisel ..read more