Kali has been the best-known red teaming and pentest Linux distribution for many years. As the rewrite of BackTrack, it has hundreds of pentesting tools. Over the years, with the complexity of attacks, organizations created their own red and blue teams. And because of the different approaches of…

In this scenario, we assume that we have a reverse shell on the victim’s machine and want persistence on it. For this, we will use Windows services. First, we start by creating a malicious .exe file called mal.exe with msfvenom. With this payload, we will be able to create…

In this article, I want to show you how to embed a payload in a PDF with the EvilPDF tool. By the end of the article, you will be able to embed a payload in a PDF and get a reverse shell from the victim, hopefully 🙂 EvilPDF is a Linux tool made in Python…

Modules typically work in PowerShell directly. The “Get-Module” command can be used to see imported modules. The “Get-Module -ListAvailable” command shows the available modules. For the additional modules we want to use, we should import them first. Once we import a module, we can use all of its commands. We will…

Subdomain enumeration is an information gathering technique. It can be used to identify all of a company's sites that are open to the internet. In large organizations, it is very common to have some forgotten websites that have vulnerabilities or some sensitive data. So, subdomain enumeration is also important for bug bounty.

WPStatistics, as the name suggests, is a plugin that allows site owners to see and show their visitor count. It also provides IP address and country details of the visitors. The Wordfence Threat Intelligence team announced that they found a vulnerability in the WPStatistics plugin. This plugin is installed on more than 600,000 WordPress websites. This…

Brute force is an old attack technique, but it can still be gold. For a brute force attack, we need a wordlist/password list of possible passwords that will be tried by the tool we use. Then, the tool will try thousands of these passwords per second. This is also referred to…

Computer forensics is a set of methodological techniques to gather, identify and present evidence from digital equipment. Many different techniques are required. One of them is getting the system information. Process Explorer is a tool that helps you get system information from any Windows machine. Process Explorer (procexp64.exe) is…

If you are familiar with infosec, you must already know what Metasploit is. So, I will not explain it here again. Metasploit is a predefined tool in Kali, but if you use Ubuntu like me, it is better to install Metasploit on it even if you switch to Kali to use it.