According to the latest installation guide on havocframework official site Havoc Havoc is a modern, malleable post-exploitation command and control framework made for penetration testers, red teams, and blue teams. It’s free and open-source on github written and maintained by Paul Ungur (C5pider) GitHub - HavocFramework/Havoc: The Havoc Framework. Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider. ⚠️ Havoc is in an…github.com

Continuing from the previous post (Mac pentest series): Installing Homebrew without sudo privilege (Mac pentest series) Install Homebrew without sudo privilege Recently, my company provided me with a 2023 MacBook Pro, equipped with the M2 chip, as a replacement for my old Lenovo…chennylmf.medium.com Today, I’d like to share a method for installing applications on macOS without requiring an admin password. …

Recently, my company provided me with a 2023 MacBook Pro, equipped with the M2 chip, as a replacement for my old Lenovo laptop. Along with that, I was given the task of testing the MacBook’s security in the workplace. This marked the beginning of my security journey with Apple products…

JSON web tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems. They can theoretically contain any kind of data, but are most commonly used to send information (“claims”) about users as part of authentication, session handling, and access control mechanisms. Unlike with classic session tokens…

The article covers various topics related to prototype pollution from burp web academy, including client-side and server-side attacks, as well as methods for detecting and bypassing input filters. The table of contents includes: In client-side JavaScript, this commonly leads to Dom XSS, while server-side prototype pollution can even result in…

Anbox puts the Android operating system into a container, abstracts hardware access and integrates core system services into a GNU/Linux system. It’s a great tool for doing android pentest. …

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021–44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. …

On December 9, 2021, security researchers discovered a flaw in the code of a software library used for logging. The software library, Log4j, is built on a popular coding language, Java, that has widespread use in other software and applications used worldwide. …

I just cleared my CRTP (certified red team professional) examination from pentester academy . As many people encourage me to write some reviews about this exam , here I come ! The reason I took this course is because I think I’m really weak in windows AD attacking and defending…