admin

rpcclient

rpcclient: Interacting with Windows RPC Services. Category: Pentesting Tools & Techniques. Tool Focus: Active Directory Enumeration, RPC Queries, User and Group Discovery. What Is rpcclient? rpcclient is a command-line utility that lets you communicate with Windows RPC (Remote Procedure Call) services over SMB. It’s part of the Samba suite and allows you to query Active […]


smbclient

smbclient for Pentesters: Accessing and Enumerating SMB Shares. Category: Pentesting Tools & Techniques. Tool Focus: SMB Enumeration, Looting, Anonymous Access. What Is smbclient? smbclient is a Linux command-line utility from the Samba suite that lets you interact with SMB (Server Message Block) services — similar to FTP. It allows you to: When Should You Use smbclient?


Kerbrute

Kerbrute for Pentesters: Username Enumeration & Kerberos Attacks. Category: Pentesting Tools & Techniques. Focus: Active Directory, Kerberos, Enumeration. What Is Kerbrute? Kerbrute is a powerful tool built in Go that helps pentesters interact with the Kerberos protocol to: It leverages how Kerberos responds to authentication requests to figure out whether a username is valid or not


AD Lab

Final Active Directory Lab Overview – corp.local. Purpose of the Lab. Domain Overview:

Setting | Value
Domain Name | corp.local
Domain Controller | Windows Server (GUI version)
Domain Admin Account | corp\administrator
Network Adapter Mode | Host-Only or Internal
DNS Role Installed | Yes (used for AD & name resolution)

Organizational Units (OUs). User Accounts: Username | Display Name | Department | Role | Password


WMI

WMI for Pentesters: Windows Management Intrusion WMI — Windows Management Instrumentation — is one of the most underrated tools for pentesters. It’s built into every modern Windows system and offers stealthy, scriptable access to everything from system info and processes to remote command execution and persistence. If you’re not using WMI during post-exploitation or lateral


GTFObins

GTFOBins: Living Off the Land as a Pentester What Is GTFOBins? GTFOBins is a curated project that lists Unix binaries that can be abused by attackers — especially in restricted environments — to escalate privileges, maintain access, or escape limited shells. These are legitimate system binaries already present on most Unix-like systems. Because they’re trusted


Impacket Tools

Impacket for Pentesters: Weaponizing the Protocols Impacket is a collection of Python classes developed by SecureAuth for working with network protocols. But for pentesters, it’s much more — it’s a Swiss Army knife for abusing Microsoft protocols, performing network attacks, and dumping credentials. Think of it as a set of ready-made weapons for: Impacket makes


Mimikatz & Kiwi

Mimikatz & Kiwi: Weaponizing Credentials in Windows In the world of Windows post-exploitation, Mimikatz is your scalpel and Kiwi is your Swiss army knife. These tools help you extract, impersonate, and abuse credentials from user hashes to domain secrets, in ways that can flip the whole network in your favor. This guide breaks down how

