Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. It builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching students to perform advanced...
Archive - November 2022
I’m thrilled to publish my first BurpSuite plugin that I’ve built. The purpose is to find bugs on websites without typing any code, just by doing a normal browsing. This first version focuses only on XSS vulnerability...
In this post I would like to talk about shadow credential attack that can be exploited by abusing AddKeyCredentialLink privilege in an Active Directory Infrastructure. 1-What is shadow credential ? It is a technique allowing an...
Recently, I’ve discovered a new way to escalate privilege on windows through WSUS when HTTP protocol is used instead of HTTPS. In this quick explanation I’ll describe what WSUS is, explain how to detect the vulnerability and...