Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

IIS Vulnerability Triggers a Denial-of-Service

Microsoft has recently rolled-out updates for addressing a vulnerability in its Internet Information Services (IIS). Allegedly, this Microsoft IIS bug could cause a denial of service since the CPU usage rises to 100%. Microsoft IIS Bug Leading To DoS Microsoft has warned users of a serious security vulnerability targeting Internet Information Services (IIS). In its […]

Kaboom – Script That Automates The Penetration Test

Kaboom is a script that automates the penetration test. It performs several tasks for each phases of pentest: Information gathering [nmap-unicornscan] Vulnerability assessment [nmap-nikto-dirb-searchsploit-msfconsole]It tests several services: smb ssh snmp smtp ftp tftp ms-sql mysql rdp http https and more…It finds the CVEs and then searchs them on exploit-db or Metasploit db. Exploitation [hydra] Usage […]

Password Cracking and Login Brute-force [Stats]

People are frequently misguided and look at the password brute-forcing (password cracking) as on a miracle approach to gain access to something, especially people not engaged in IT industry, non-tech folks (not sure if Hollywood is to blame). In any case, numerous times we’ve received inquiries from people asking us to “brute-force” some hashes or […]

Australia Says State Actor Responsible For Parliament System Hack

Australia on Monday said a “sophisticated state actor” had hacked the country’s main political parties and parliament, just weeks before a closely fought election. Prime Minister Scott Morrison told lawmakers security agencies looking at a hack of lawmakers “also became aware that the networks of some political parties; Liberal, Labor and Nationals have also been […]

XSS Chef: Generating Custom XSS payloads

XSS Chef is a small React.js application inspired by CyberChef, which provides users with a modular way to build JavaScript payloads to typically be used during penetration tests to demonstrate cross-site scripting vulnerabilities. A live copy of the application can be found here. The current set of recipes can be found below, along with a description […]

UACME v3.1.5 releases: Defeating Windows User Account Control

Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor. x86-32/x64 Windows 7/8/8.1/10TH1/10TH2/10RS1/10RS2 (client, some methods, however, works on server version too). Admin account with UAC set on default settings required. git clone Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param]. See “Run examples” below for more info. First, param […]

An Overview of UBA, SIEM and SOAR Solutions: What Are the Differences?

In pursuit of safeguarding proprietary data, companies are increasingly integrating information security systems into their IT departments. The motivation boils down to the crucial role of information in business processes nowadays. Since the range of available information security systems is continuously expanding, companies need to have an idea of the types of these systems and, […]

R3con1z3r – Lightweight Web Information Gathering Tool

R3con1z3r is a simple and lightweight web information gathering tool with all features written in Python. With this tool you can perform open source intelligence (OSINT) web-based footprinting in an easy and quick way. R3con1z3r: Lightweight Web Information Gathering Tool R3con1z3r is a passive reconnaissance tool with built-in functionalities that can help you gather open […]

Domain Name Hierarchy (Registry vs Registrar)

Domain registration and management involves multiple parties with different roles, like Registry, Registrar, Reseller & Registrant (Domain Name Hierarchy). On top of those 3, there’s also ICANN (Internet Corporation for Assigned Names and Numbers). We’ll quickly cover all these roles. ICANN ICANN is non-profit entity comprised of individuals, government, law enforcement, intellectual property law and […]

Ethical Hacking Tutorials © 2018
Skip to toolbar