Extracting NTLM Hashes With User Privileges

Extracting NTLM hashes without the need for Mimikatz.

Offensive Security Experienced Penetration Tester (OSEP) Review

A review of the Evasion Techniques and Breaching Defences course by Offensive Security.

Dealing with Small Buffer Space

Using relative JMP instructions to escape small buffers.

Blocking Outbound Docker Traffic

Blocking outbound docker traffic using an IPTables firewall.

NTLM Relay Attacks

Performing NTLM relay attacks using SMB and LDAP.

64-Bit Return-to-libc Attacks

Bypassing NX on 64-bit Linux.

Bypassing DEP & ASLR in Linux

Bypassing DEP & ASLR using pointer leakage and return orientated programming.

Format String Exploitation

A quick tutorial on exploiting format string vulnerabilities to read and write memory.

PowerShell Constrained Mode

A guide to enabling PowerShell constrained mode.

Kali Linux – Ensuring Traffic is Only Sent via OpenVPN

A guide on configuring Kali so all network traffic is routed over an OpenVPN connection.

Pentest One Liners

A list of one line commands for Windows to download and execute payloads.

Credential Interception Using Malicious SMB Shares

How to intercept NTLM-SSP hashed credentials for offline cracking.