Extracting NTLM hashes without the need for Mimikatz.
Offensive Security Experienced Penetration Tester (OSEP) Review
A review of the Evasion Techniques and Breaching Defences course by Offensive Security.
Dealing with Small Buffer Space
Using relative JMP instructions to escape small buffers.
Blocking Outbound Docker Traffic
Blocking outbound docker traffic using an IPTables firewall.
NTLM Relay Attacks
Performing NTLM relay attacks using SMB and LDAP.
64-Bit Return-to-libc Attacks
Bypassing NX on 64-bit Linux.
Bypassing DEP & ASLR in Linux
Bypassing DEP & ASLR using pointer leakage and return-oriented programming.
Format String Exploitation
A quick tutorial on exploiting format string vulnerabilities to read and write memory.
PowerShell Constrained Mode
A guide to enabling PowerShell constrained mode.
Kali Linux – Ensuring Traffic is Only Sent via OpenVPN
A guide on configuring Kali so all network traffic is routed over an OpenVPN connection.
Pentest One Liners
A list of one-line commands for Windows to download and execute payloads.
Credential Interception Using Malicious SMB Shares
How to intercept NTLM-SSP hashed credentials for offline cracking.