redteaming

We don't have any resources left. On this rare occassion, we've been hacking into Oceanic Climate Data. At the very least, everything in this article is for real.

When you start into Ethical Hacking, you may come from a lot of career pathes. For us this meant, we never before had contact or experience with the digital, criminal underworld. We had a lot to learn.

While doing OSINT recently, we stumbled across a way to enumerate Facebook Users - without being logged-in.

This is the latest, 2024 Germany & EU version of Open Source Intelligence. All tried and tested.

While the usual tipps on Operational Security are rather generic, we took a deep dive and looked into TrueCrime cases.

Well, well, well. What do we have here?

It's Friday, so let's go low key and look at one of many modern Enumeration and Hacking automation tools. Actually, there are 3 different versions of httpx.

Exploiting suo and csproj files recently gained attention, used in attacks on Cybersecurity researchers. We found another way

A Comprehensive Guide for Modern Pentesters

C2 Powershell Empire is a classic - but can you still use it with EDR (Defender) in place?

Let's try and do things like they're done in real attacks. While the media recently was all over ConnectWise ScreenConnect, we instead focus on AnyDesk - which is used by many Cybercriminals these days - in an Assumed Breach scenario.

We created a custom reverse shell from scratch and made it persistent - the result is scary, to say the least.

As promissed, we continue executing code using rundll32 on a fully updated system.

Today we're looking at one of the most simple evasions - it's always fascinating to wittness the beauty of traditional hacking exploration methods working to their full extend. The rundll32.exe comma bypass is one of these examples.

Discover a simple persistence technique to leverage environment path interception vulnerabilities, using SCRNSAVE.exe to trigger a Sliver mTLS payload. This detailed guide covers the process from identifying the vector to executing the Sliver payload, aimed at offensive security professionals seeking to enhance their toolkit.