Learn how to tune Nmap to get port scans completed faster without negatively impacting scan accuracy, or causing an outage.

Why Nmap Scans Are So Slow and How to Speed Them Up

How to use Nmap to perform accurate port scans assets, understand frequently overlooked options (including the defaults!) that lead to inaccurate scan results.

How to Use Nmap to (Accurately) Scan for Open Ports

In this article I propose a new tool oneshell to solve some of the problems with  existing reverse shell tooling.

oneshell to rule them all

Kubernetes pentesting. Enumeration, lateral movement and privesc with Kubehound.

KubeHound and Beyond

The aim of this presentation is understanding the art of user impersonation in Windows systems. 

Understanding Windows Lateral Movements

I present a new technique involving signed minifilters to disable EDR systems.

Using Minifilters to Disable EDRs

We regularly challenge and beat Fortune500 defenses. Often times, a decent ADCS honeypot could have stopped us. So we built one.

CERTICEPTION: THE ADCS HONEYPOT WE ALWAYS WANTED

Compromise of an SCCM administrator can lead to compromise of every machine managed by SCCM. SCCM administrators must be considered highly privileged accounts.

Evading Defenses and Moving Laterally with SCCM AD

Delve into the modern techniques and security controls surrounding password spraying. This will explore the current TTPs for password spraying.

Exploring Modern Password Spraying

Nighthawk’s 0.3 release is probably the most significant and impactful change to the framework since its creation.

Nighthawk 0.3 – Automate All the Things

This script would allow red teams get windows passwords in cleartext which can be useful in pentest engagements.

Stealing Computer Passwords on Login

This article is not about something new, but rather a report on my research into password policies in an Active Directory environment. 

Browse Infrastructure Content

Discover the best Infrastructure pentesting and infosec content, updated every day.