List: Pen Test Techniques | Curated by Killbit

Feb 19, 2025
32 stories
Pen Test Techniquesthings to note for future engagements
lainkusanagi
Making a Mimikatz BOF for Sliver C2 that Evades DefenderHello everyone today I want to show how to modify the Mimikatz Beacon Object File in Sliver C2 to evade Windows Defender.
6d ago
6d ago
In
InfoSec Write-ups
by
Chux
5 Ways I Got RCE’s In the WildFor offensive security professionals, finding RCE vulnerabilities is usually a crown jewel for many black-box and white-box projects. These…
Dec 7, 2024
4
Dec 7, 2024
4
Nidal Mahmud
using domain fronting to mask your C2 trafficwhat is domain fronting?
Jul 1, 2022
Jul 1, 2022
In
Posts By SpecterOps Team Members
by
Jonas Bülow Knudsen
ADCS Attack Paths in BloodHound — Part 3In this blog post, we will explore the new ESC6/ESC9/ESC10 edges we have introduced with ADCS support in BloodHound.
Sep 11, 2024
Sep 11, 2024
In
Posts By SpecterOps Team Members
by
Hope Walker
An Introduction to Manual Active Directory Querying with Dsquery and LdapsearchIntroduction
Jun 2, 2021
3
Jun 2, 2021
3
Sam Rothlisberger
Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 1)
Jan 28, 2024
8
Jan 28, 2024
8
Sam Rothlisberger
Manual Indirect Syscalls and Obfuscation for Shellcode Execution
Mar 30, 2024
Mar 30, 2024
Lsec
Using Discord as Command and Control (C2) with Python and NuitkaHello fellow red teamers, I was thinking of a way to obfuscate C2 traffic and got myself an idea. Why not chain the traffic over some…
Dec 2, 2022
Dec 2, 2022
In
Geek Culture
by
Alex Rodriguez
Undetectable Windows Reverse Shells with HoaxshellRaw HTTP-based Payloads
Oct 12, 2022
Oct 12, 2022
In
InfoSec Write-ups
by
ValluvarSploit
Fastly Subdomain Takeover $2000Bug Bounty — From zero to HERO
Nov 21, 2022
8
Nov 21, 2022
8
0xElkot
How I get +10 SQLi and +30 XSS via Automation ToolHello all, My name is Mahmoud Attia aka 0xelkot
Nov 23, 2022
11
Nov 23, 2022
11
Stefan Bargan
Do you want to learn API Security Testing for free?If the answer is yes, then you’ve come to the right place. I have compiled a list of free resources about API Security.
Nov 24, 2022
Nov 24, 2022
In
InfoSec Write-ups
by
Security Shenanigans
AWS IAM explained for Red and Blue teamsIntroduction
Sep 24, 2020
1
Sep 24, 2020
1
Iraklis Mathiopoulos
How to Exfiltrate AWS EC2 DataAs Cloud infrastructure has become common, it has also become common for penetration testers to find themselves attacking clients that…
Oct 16, 2019
Oct 16, 2019
secabit
How to hack WiFi networks with mobile Raspberry Pi set?The article explains the idea of the mobile Raspberry Pi hacking set and shows how to configure and perform an attack step by step on Kali.
May 13, 2020
1
May 13, 2020
1
DR.ANHKWAR
Vulnerability Scanning with MetasploitVulnerability Scanning
Jun 15, 2022
Jun 15, 2022
Mitch Edwards
Building a Malware C2 Using Python FlaskWant to get cool research straight to your inbox every week? Join the Valhalla Weekly Newsletter here!
May 23, 2022
May 23, 2022
assume-breach
Home-Grown Red Team: Testing Common AV Evasion With PE Packers On Windows 11Bypassing AV solutions is essential for initial access, lateral movement and full domain compromise. Over the last couple of years, we’ve…
Apr 21, 2022
1
Apr 21, 2022
1
In
R3d Buck3T
by
Nairuz Abulhul
Domain Takeover with PetitPotam Exploitdomain escalation from a low-privileged user to a domain admin
Apr 24, 2022
1
Apr 24, 2022
1
Kyle Mistele
A Beginner’s Guide to EDR EvasionOr, how to get past Crowdstrike/Defender ATP/Carbon Black on your next engagement
Sep 25, 2021
Sep 25, 2021