Blog & Resources
How to Ace Your Junior Penetration Tester Interview and Land the Job
Becoming a Junior Penetration Tester is a dream come true for many who are passionate about cybersecurity. However, getting there isn’t always easy. One of the most crucial parts of the journey is the interview process. In this post, we’ll go through everything you...
Another PowerView Tutorial: How To Use PowerView In A Penetration Test
PowerView (github.com/PowerShellMafia/PowerSploit) is an offensive PowerShell script that allows you to perform a variety of tasks against an internal domain, including recon, privilege escalation, persistence, and exfiltration. What you may not already know though is...
The HackMyVM Keys Walkthrough
This is the HackMyVM Keys Walkthrough. Web Enumeration The webserver is hiding interesting files, it took a few different lists from seclists to find something good. What we do find is a file readme.php and that means we can investigate further. gobuster dir -r -u...
OSCP Prep: M87 Vulnhub Walkthrough
Preparing for the OSCP exam means you need to know the basics, but you also need the experience. There is perhaps no better way to test how prepared you are for the exam than by hacking web apps. In this walkthrough, we will cover one important skill to master, SQL...
The Hacker Kid Vulnhub Walkthrough
This is the Hacker Kid Vulnhub walkthrough. Here's what you will learn from this walkthrough. One thing you will learn is how to do binary analysis for Linux privilege escalation, but that is all I will give away. This is an excellent OSCP like box you can use to...
Billu_Box 2 Vulnhub Walkthrough
This is the Billu_Box 2 Vulnhub walkthrough. Here's what you will learn from this walkthrough. One thing you will learn is how to do binary analysis for Linux privilege escalation, but that is all I will give away. This is an excellent OSCP like box you can use to...
The HMS 1 Vulnhub Walkthrough
Exploiting vulnerable machines in a legal and safe environment is the only way to become an experienced ethical hacker. That is what this site is dedicated to, and so I present to you the HMS 1 vulnhub walkthrough, another of the vulnhub series here on the site. HMS 1...
How to Become a Penetration Tester?
Penetration testing is one of the most promising emerging fields in the IT sector. Penetration testers are ethical hackers. These “good” hackers are usually hired by system software owners or web-based application companies. The pen testers check the vulnerability...
How To Write A Reverse Shell In Nim To Bypass Antivirus
In this tutorial, you will learn how to write a reverse shell in Nim to bypass antivirus detection. What Is Nim? Nim is a scripting language similar to Python in syntax, but close to Golang in that it requires statically typed variables and it compiles its programs....
The VulnCMS Vulnhub Walkthrough Without Metasploit
This is a walkthrough for the VulnCMS:1 vulnhub machine. If you are looking for OSCP-like vulnhub boxes to practice with then look no further. Really if you want to prepare for the OSCP then you should consider subscribing to the Ethical Hacking Guru Academy. Want to...
Crack Hashes With Hashcat Without Money For A Dank PC Build Using Colabcat
You can use a free online resource to crack hashes with hashcat, without having to break the bank for an overpriced graphics card these days. It's called Colabcat and using colabcat is a free easy way to crack passwords online. If you are a complete beginner to...
How To Use Confuser Ex To Bypass Antivirus
In this tutorial, I cover how to use ConfuserEx and neo-ConfuserEx to bypass antivirus. It's worth mentioning that ConfuserEx only obfuscates .NET assemblies (compiled C# programs). I will use ConfuserEx to obfuscate a compiled version of the SafetyKatz project. Now I...
How To Execute A .NET Assembly Inside A C# Program
I played around with using csc /out:outfile.exe program.cs but the thing is you can use an executable or a DLL just the same using the Assembly.Load() method which comes with the System.Reflection namespace. This method does the following - Loads an assembly. Pretty...
How To Run Shellcode With Go
Go can be used by ethical hackers to run shellcode generated by Metasploit. That means you can use msfvenom to create shellcode that can be used by a go program to execute it. For this tutorial, I am using this project go-shellcode by brimstone on Github. First make...
How To Inject Go ShellCode With C# Into Other Processes
Go is a popular tool for offensive programming these days. The antivirus vendors are still catching up to it since it is still a niche tool for ethical hacking purposes. In this tutorial you will learn how to write a Go program to open a new Notepad process. You will...
How To Enumerate And Exploit NFS Shares
Network File System (NFS) shares are the Linux version of Windows SMB shares. These are used for Unix-based machines to share files with each other. Mounting an NFS share allows the remote client to view the files as if they were viewing them locally on the same...
How I Use Cobra For Easy Golang CLI Flags
An application should be easy to use. You've heard it before, about the legacy app that was migrated, and now the guy who managed it is no longer around. No one knows how it works. This is how I use Cobra for easy Golang cli flags for all my apps that need it. The...
How To Dump Windows Passwords Using WDIGEST Downgrade Attack
By default wdigest is disabled on Windows 10, but not removed. You can enable it with a registry change. This is a short and sweet tutorial on how to dump Windows passwords by exploiting wdigest in a wdigest downgrade attack. I demonstrate how to exploit the...
How ASREPRoasting Works And How To Defend Against It
Like Kerberoasting, ASREPRoasting is an attack that ends with offline cracking of an encrypted password hash for an account in an Active Directory domain. All it takes is an account with DONT_REQ_PREAUTH enabled. From Microsoft, the definition of this setting:...
How Kerberoasting Works And How To Defend Against It
The recent news about the SolarWinds hack that involves dozens of government agencies has brought new attention to attacks against service accounts through Kerberos manipulation, known as Kerberoasting. Although this is not the only serious attack method against...
How To Exploit mRemoteNG Without Metasploit
Sometimes to perform Windows Privilege Escalation you need to simply exploit the installed software. This is a common scenario for ethical hacking challenges. This tutorial will show you how to exploit remote connection managers, such as mRemoteNG. One of those...
How To Use Sqlmap With Dvwa
While using SQLMap is not allowed on the OSCP exam, it is an ethical hacking standard and you should be very familiar with it. It is commonly used in interviews for junior penetration tester questions to weed out the wannabees. Enjoy this tutorial, how to use SQLMap...
How To Use Powershell Empire 3: The Powershell Empire 3 Tutorial
BC-Security now maintains a fork of the original, its new project is PowerShell Empire 3.0. In the online ethical hacking course Become An Ethical Hacker you will learn how to use PowerShell Empire 3.0 for Windows privilege escalation, and network penetration testing....
How To Install And Use Evil WinRM In Kali Linux
Windows has a feature named Windows remote management, otherwise known as WinRM. It uses the WS-Management protocol to allow administrators to run scripts remotely. For the ethical hacking lab we will enable this feature on the Windows 2019 server. I show you how to...
Coming SOON: Become an ethical hacker Ebook
How To Exploit Groups.xml Files
Any ethical hacker at one point comes across the Groups.xml file, a distant artifact of a less secure time in Windows history. They still exist out in the wild of course, but it is part of the essential ethical hacking education. In terms of what should you ask your...
How To Exploit Shellshock On Metasploitable 2
Metasploitable 2 doesn't come with the shellshock vulnerability. But that doesn't mean we can't put one there. This tutorial will show you how to exploit shellshock on Metasploitable 2 by Rapid7. What Is The Shellshock Vulnerability? Vulnerable versions of the bash...
DMV: 1 Vulnhub Walkthrough
In this vulnhub walkthrough you will learn how to complete the DMV:1 challenge. I have not figured out the significance of the name yet. There is usually a relation to the name of the box and something in or about the box. DMV: 1 Vulnhub Walkthrough MACHINE...
How To Add Exploits To Metasploit
Nothing is more annoying than not being able to add new exploits to Metasploit. So to help out I made this how to add exploits to Metasploit tutorial which is updated for msf5. There are many times where the ethical hacker needs to import an external exploit from a...
So Simple: 1 Vulnhub Walkthrough
MACHINE NAME: So Simple: 1 | AUTHOR: https://www.vulnhub.com/author/roel,713/ | DIFFICULTY: easy. Here is the description from vulnhub.com: This is an easy level VM with some rabbitholes. Enumeration is key to...
The Vulnuni: 1 Vulnhub Walkthrough Without Metasploit
I can't stand when there isn't a vulnhub walkthrough without Metasploit! So I made this vulnuni:1 vulnhub walkthrough without Metasploit for that reason. The vulnhub vulnuni machine is a vulnerable Linux machine that is good for learning Linux privilege escalation,...
The Axis2 and Tomcat Manager Vulnhub Walkthrough
Abusing the Tomcat Manager login is done through vulnerabilities or by guessing or brute forcing the credentials, but there is yet another way. The Apache Axis2 web service has an LFI vulnerability that can be exploited to show hidden credentials in configuration...
The Cynix 1 Vulnhub Walkthrough
This is the Cynix 1 vulnhub walkthrough for the Cynix 1 vulnerable Linux box found on vulnhub.com, enjoy. You will need Burp Suite Community Edition, I laid out in another post how to setup Burp and FoxyProxy to make the Burp setup process so much easier....
The Five86:1 Vulnhub Tutorial
This is the Five86:1 Vulnhub tutorial. What is my take on the box? It is a first of a series which is great, because you get to see the individual take of the author on hacking boxes. The box is a great Linux privilege escalation drill and a very realistic scenario...
The Five86-2 Vulnhub Tutorial
Vulnhub is a site that hosts vulnerable machines to help security practitioners hone their offensive security skills. This is the five86 2 Vulnhub walkthrough. It is a hard box and I highly recommend doing it, however if you have not yet done the first one do it now...
The Complete Hashcat Tutorial
There are hashcat tutorial guides and walkthroughs but actually good ones that are curated to provide a complete and practical use by ethical hackers are few and far between. In this hashcat tutorial I am going...
How to Make Your First Elm App
Elm is a functional programming language. It compiles to javascript. It promises a couple things that you won't find with javascript such as no runtime errors, helpful error messages, and reliable refactoring. We will make an Elm app based on the same structure of the...
The Spraykatz Tutorial to Dominate the Network
Spraykatz is the evolution of pentesting activities specifically used during the initial internal enumeration phase. Capturing credentials using a technique like LLMNR/NETBIOS spoofing is great, but what happens when you need to dump passwords on machines in a...
DC: 9 Vulnhub Tutorial
I have some terrible news, this will be my last DC vulnhub tutorial so read on and let's get started on the DC:9 Vulnhub tutorial. The author (@DC9) made an announcement that the 9th iteration of his DC vulnhub series would be his last. Here's What You Need Kali Linux...
A New PowerShell Empire – the Covenant C2 Tutorial
In this Covenant C2 tutorial you will need an Active Directory environment; see how to create one quickly here. Covenant is the new command and control framework for red team and pentesting engagements. PowerShell Empire is dead and honestly Covenant is already 10x the...
The Vulnhub Goldeneye Walkthrough
This vulnhub Goldeneye walkthrough will show you every step in detail on how to get root level access and capture the final flag step by step. If you would rather setup your own free pentesting labs see my post on how to do so. Here's What You Need Kali Linux Virtual...
Automate Buffer Overflow Exploitation with Bofhelper
This is the Automate Buffer Overflow Exploitation with Bofhelper post in which I demonstrate the use of this incredible ethical hacking tool. Buffer overflows take time, too much time. Not just that, they also are difficult. Finding which characters have to be...
The Troll 1 Vulnhub Walkthrough
There are moments that are satisfying in that they validate the reason for doing this site. The Troll 1 Vulnhub Walkthrough is one of those. Nearly all of the other tutorials on various sites with names like hack3rbl0g.io, etc leave out critical details that leave you...
The Complete Responder & NTLM Relay Attack Tutorial
SMB is a common network protocol for attacks, and therefore it makes sense that Kali Linux comes with SMB exploitation tools installed. Others need to be installed and utilized, these are often conveniently located on Github. One such tool is Responder. Another tool...
The Complete Malware Analysis Tutorial
It happens every day: something gets downloaded and no one can really be sure of what the thing is. Is it good, is it bad, what is it? In this malware analysis tutorial I showcase all the leading methods for quickly and effectively analyzing a malicious binary. A...
The Escalate_Linux Walkthrough: Vulnhub CTFs
The escalate_linux walkthrough is the vulnhub machine you need to be doing as a beginner ethical hacker to learn Linux privilege escalation. Escalate_Linux level 1 is a vulnhub virtual machine that boasts 12 different ways to reach root access through leveraging a...
The Complete Python Asyncio Guide for Ethical Hackers
When I started learning Go I quickly learned about the benefits of concurrent programming. So when I got a grasp of it in Go, I wondered if Python supported the same thing. Surely Python does, given it is so popular and a modern scripting language. The problem I found...
Use Satori for Easy Linux Privilege Escalation
I came across a blog post while researching Linux privilege escalation techniques. The tool that the post covered was a mysterious pentesting tool I had never heard of before. This is how to use Satori for easy Linux privilege escalation. I plan on adding future...
Mr Robot Vulnhub Walkthrough
Today I am writing about the Mr Robot vulnhub walkthrough made available by vulnhub. It is indeed a Mr Robot inspired virtual machine and luckily it is a VirtualBox ova and not a VMWare collection. This vulnerable machine is really something else, something special. I...
Hacking Tutorial: Write a Reverse TCP Shell in Go
In this hacking tutorial I cover how to write a reverse shell in go. Why learn go? Go is compiled so it's extremely fast and one of the most modern programming languages there is. Interested in writing a Python reverse http shell? See Learn Python By Writing A Reverse...
HackInOS Level 1 Vulnhub Tutorial
HackInOS is described as a beginner level CTF-style vulnerable machine. This one is particularly challenging because there are multiple subnets involved. That means the vulnerable machine is also the host of a local subnet I find later, the range is 172.18.0.0/24....
DC-1 Vulnhub Kali Linux Walkthrough
Want to practice the skills necessary for developing practical ethical hacking experience? Then read on. That is leveraging Kali Linux against a test virtual machine for one purpose, to go from user to root. Even more so, the goal is to not take the easy way out....
Sniff Out Vuln Paths: BloodHound Active Directory Walkthrough
Active Directory BloodHound Walkthrough - A Windows Active Directory forest can get frankly enormous and in the world of AD security, it can be hard to tell the trees from the forest (pun). Luckily for both pentesting professionals and for security responders there's a...
Start Using Nessus for Free In 5 Steps
Start using Nessus for free in five easy steps or if you are feeling confident about it already and want to purchase an annual subscription. Tenable's vulnerability scanner, Nessus is a comprehensive vulnerability scanner and is one of the most popular in use today....
Learn AWS by Deploying a Go Web App
In this post I cover how to learn AWS by deploying a Go web app. Overview: Here's what I'm doing in this post. We are going to setup a new AWS instance in a few easy steps that will be able to host a Go web server. Calling this web server will return a basic response,...
Setup Windows 10 Machine Automatically Using This Script