There are a good number of situations when we find ourselves abusing the LLMNR and NBT-NS protocols on an infrastructure penetration test, more specifically on
Category: Pentest techniques
Practical JSONP Injection
JSONP injection is a lesser known but quite widespread and dangerous vulnerability and it surfaced in the last years due to the high rate of
Introduction to Windows shellcode development – Part 3
If you missed the first two parts of this article, you can find in Part I what is a shellcode, how it works and which
Introduction to Windows shellcode development – Part 2
If you missed the first part of this series, where you can read about what is a shellcode and how it works, you can find
Introduction to Windows shellcode development – Part 1
This article contains an overview of shellcode development techniques and their specific aspects. Understanding these concepts allows you to write your own shellcode. Furthermore, you
Pivoting to internal network via non-interactive shell
During a recent penetration test we have experienced the situation where we’ve gained remote code execution with limited privileges to a web server and had
Security Café 