Pentesting-Tools

LinPEAS

LinPEAS: Automating Linux Privilege Escalation Enumeration Once you’ve landed on a Linux machine during a penetration test, your goal is simple: escalate privileges. Whether you’re stuck in a restricted shell or sitting as a low-privileged user, your mission is to become root. That’s where LinPEAS comes in. What Is LinPEAS? LinPEAS is part of the […]


Rubeus

Rubeus for Pentesters: Introduction Kerberos is a cornerstone of authentication in modern Windows environments, especially within Active Directory domains. But it’s also full of opportunities for abuse — if you know where to look. Rubeus is one of the most powerful tools for post-exploitation Kerberos abuse. Written in C#, it allows attackers and red teamers


PowerSploit

PowerSploit Framework: The Swiss Army Knife of Post-Exploitation Overview PowerSploit is a modular post-exploitation framework written in PowerShell, designed for penetration testers and red teamers to interact with Windows environments after gaining initial access. It focuses on privilege escalation, credential access, persistence, reconnaissance, and bypassing security defenses — all using native PowerShell. Developed by the


ldapsearch

ldapsearch for Pentesters: Active Directory LDAP Enumeration Category: Pentesting Tools & Techniques. Tool Focus: Active Directory, LDAP Queries, User and Group Enumeration. What Is ldapsearch? ldapsearch is a command-line utility used to query LDAP (Lightweight Directory Access Protocol) servers. In a Windows environment, this typically means querying Active Directory for objects like: Unlike some tools, ldapsearch


rpcclient

rpcclient: Interacting with Windows RPC Services Category: Pentesting Tools & Techniques. Tool Focus: Active Directory Enumeration, RPC Queries, User and Group Discovery. What Is rpcclient? rpcclient is a command-line utility that lets you communicate with Windows RPC (Remote Procedure Call) services over SMB. It’s part of the Samba suite and allows you to query Active


smbclient

smbclient for Pentesters: Accessing and Enumerating SMB Shares Category: Pentesting Tools & Techniques. Tool Focus: SMB Enumeration, Looting, Anonymous Access. What Is smbclient? smbclient is a Linux command-line utility from the Samba suite that lets you interact with SMB (Server Message Block) services — similar to FTP. It allows you to: When Should You Use smbclient?


Kerbrute

Kerbrute for Pentesters: Username Enumeration & Kerberos Attacks Category: Pentesting Tools & Techniques. Focus: Active Directory, Kerberos, Enumeration. What Is Kerbrute? Kerbrute is a powerful tool built in Go that helps pentesters interact with the Kerberos protocol to: It leverages how Kerberos responds to authentication requests to figure out whether a username is valid or not


GTFOBins

GTFOBins: Living Off the Land as a Pentester What Is GTFOBins? GTFOBins is a curated project that lists Unix binaries that can be abused by attackers — especially in restricted environments — to escalate privileges, maintain access, or escape limited shells. These are legitimate system binaries already present on most Unix-like systems. Because they’re trusted


Impacket Tools

Impacket for Pentesters: Weaponizing the Protocols Impacket is a collection of Python classes developed by SecureAuth for working with network protocols. But for pentesters, it’s much more — it’s a Swiss Army knife for abusing Microsoft protocols, performing network attacks, and dumping credentials. Think of it as a set of ready-made weapons for: Impacket makes


Mimikatz & Kiwi

Mimikatz & Kiwi: Weaponizing Credentials in Windows In the world of Windows post-exploitation, Mimikatz is your scalpel and Kiwi is your Swiss army knife. These tools help you extract, impersonate, and abuse credentials from user hashes to domain secrets, in ways that can flip the whole network in your favor. This guide breaks down how
