1. Practical Malware Analysis (Chapters 15–17) 2. The Art of Memory Forensics (Cryptographic Obfuscation in Memory) 3. Malware Unicorn’s RE101 🎓 Courses & Training 5. Open Security Training – Introduction to Reverse Engineering 6. Zero2Automated (Z2A) Blog Posts 7. Maldev Academy https://maldevacademy.com Cross-reference what you’re learning with live samples from Malpedia. 🔬 Learn Crypto Itself […]
Evil-WinRM, created by the Hackplayers team, is a penetration testing utility aimed at streamlining engagement in Windows-based environments. Built on the PowerShell Remoting Protocol (PSRP), Evil-WinRM leverages Windows Remote Management (WinRM), a SOAP-based service that communicates over HTTP (default port 5985). This makes it firewall-friendly and ideal for post-exploitation. For further details on PowerShell Remoting, […]
The following technical work is entirely credited to @infosecfacts — I was just the glorified spellchecker and keyboard monkey for this one. If you’ve got questions, feedback, or failed attempts at hacking your girlfriend’s Instagram (let’s be honest, we know you don’t have one 😉 ), direct them to Infosecfacts via the links or contact […]
About Impacket Impacket is a collection of Python classes for working with network protocols. It’s widely used in penetration testing for exploiting various Windows protocols. This cheat sheet summarizes its most useful tools with quick commands and tips. General Authentication Options -hashes LMHASH:NTHASH # NTLM hashes -no-pass # Don’t ask for password -k # Use […]
Welcome to the trench warfare of cybersecurity—where ethical hackers act like digital locksmiths, testing systems before the real crooks show up with bolt cutters. Python isn’t just a language here; it’s your Swiss Army knife in this space. From recon and scanning to exploit development and post-exploitation scripts, Python stands out as one of the […]
In a world where data is currency and everyone’s got something to hide, Gospider doesn’t ask questions—it just digs. Born from the brains of @thebl4ckturtle and @j3ssiejjj, this Go-powered beast doesn’t care if your target is a pristine marketing site or a dark, cluttered corner of the web. It gets in, gets what it needs, […]
You popped a shell—nice. But you’re still the intern, and we want root. This is your privilege escalation checklist: a no-fluff terminal command guide to start poking around and climbing the ladder. Copy, paste, listen to the machine. 🧠 System Info uname -a # Kernel version cat /etc/issue # OS info cat /etc/*-release # More […]
What Is Fuzzing? Imagine whispering sweet, chaotic nothings into a web app’s ear just to see how it reacts. That’s fuzzing. Or more accurately: you throw malformed, unexpected, or straight-up weird input at a target, hoping something breaks, spills its guts, or at least blinks weirdly. Web fuzzing is the digital equivalent of jiggling every […]
Every pentester knows that exhilarating moment when they catch a reverse shell—only to lose it seconds later by pressing “Ctrl-C” out of habit. A fragile, one-time shell is a problem, especially when certain commands require a fully interactive terminal. In this post, we’ll go beyond the usual fixes and explore powerful methods—some well-known, some lesser-known—to […]
Introduction In the vast expanse of the digital world, where every packet tells a story, Nmap is the hacker’s reconnaissance tool of choice. Whether mapping networks, identifying vulnerabilities, or conducting stealth scans, Nmap is a must-have for ethical hackers and security pros alike. This cheat sheet covers the most effective Nmap commands for network discovery, […]
