Month: March 2019

TUTORIALSpenetration testing

OSX Exploitation with Powershell Empire

This article is another post in the empire series. In this article, we will learn OSX Penetration testing using empire. Table of Content Exploiting MAC Post Exploitation Phishing Privilege Escalation Sniffing Exploiting MAC Here I’m considering you know PowerShell Empire’s basics, therefore, we will create the listener first using the following commands:uselistener http set Host execute Executing the above commands will start up the listener as shown in the image above. Now the next step is to create a stager for OS X.…

NEW TOOLSRDPNmapDiscoverygolangScansGoscanService Enumeration

Goscan – Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service enumeration not only in situations where being stealthy is not a priority and time is limited (think at CTFs, OSCP, exams, etc.), but also (with a few tweaks in its configuration) during professional engagements.GoScan is also particularly suited for unstable environments (think…

NEW TOOLSPentesterspenetration testingRemote AccessBash ScriptPHPBash HackBash ScriptingRemot3DRemote ExploitShell BackdoorShell Script

Remot3d v2.0 – Tool Created For Large Pentesters As Well As Just For The Pleasure Of Defacers To Control Server By Backdoors

Remot3d - A tool made to generate backdoor to control and exploit a server where the server runs the PHP (Hypertext Preprocessor) program.                Equipped with a backdoor that has been Obfuscated which means that 100% FUD (FULLY UNDETECTABLE) in other words can penetrate the firewall of a server because of its ignorance if it's a Malware, Written in Shell Script Language or commonly known as BASH by a 16 year old teenager.ScreenshotsList of Remot3d FunctionsCreate backdoor for windows or linux servers (can run php file)…

Cyber ThreatsCyber Bites

Microsoft remains threat actors favourite.

It should come as no surprise that cybercriminals favored Microsoft Office vulnerabilities in their cyberattacks last year, given the rise in phishing attacks that included rigged Word and Excel Office file attachments. Source: ZDNet The post Microsoft remains threat actors favourite. appeared first on IT Security Guru.

Cyber ThreatsCyber Bites

Government needs to do better at email security says NCSC.

Email security in UK government organisations is lagging far behind that of central government, analysis reveals, with less than a third implementing standard protection Source: Computer Weekly The post Government needs to do better at email security says NCSC. appeared first on IT Security Guru.

Cyber ThreatsCyber Bites

Google aiding tech support scams via fake eBay Ads.

A fake advertisement in the Google search results has been running for the past week that looked just like a legitimate ad for eBay. When you clicked on it, though, instead of being brought to the auction site you would be shown an incredibly annoying tech support scam that would try to lock up your browser. Source: Bleeping Computer The post Google aiding tech support scams via fake eBay Ads. appeared first on IT Security Guru.


Hack the Box Carrier: Walkthrough

Today we are going to solve another CTF challenge “Carrier”. It is a retired vulnerable lab presented by Hack the Box for helping pentester’s to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Expert Task: To find user.txt and root.txt file Note: Since these labs are online available therefore they have a static IP. The IP of Carrier is Penetrating Methodology Network scanning (Nmap) Enumerating SNMP service…