Category Archives: Penetration Testing

How to be a Hacker or a Cybersecurity Expert?
So you want to be a Hacker? Recently I’ve been reading a ton of questions, posts and general discussion about getting into the ‘Information Security’ game, and in my opinion at least it’s typically followed up by a fair amount of misleading information. That might be a little harsh considering I’m sure it’s good intentioned, […]

Information/Cyber Security Cheat Sheet
This is a recollection of links and resources I have found / been told about over the years. I developed this post in the hope to map out good resources in the industry, facilitating the spread of knowledge, no matter the skill level. If any errors are spotted, or any links need adding / updating […]

Active Information Gathering with Metasploit-Framework
Using Nmap to perform port scanning Using -sT scanning mode is the default scanning mode of Nmap. The status of the target port is accurately judged through the TCP three-way handshake packet. Since three connections are established, it is extremely easy to be captured by the target firewall. msf> nmap -sT 127.0.0.1 The -sS scan […]
Offensive and Defense Exercise Preparation | How to build an effective corporate security defense system
After the epidemic, work and life gradually returned to normal. For the network security industry, offensive and defensive drills are once again on the agenda. In the new year, how do companies prepare for defense? Let us find the answer from the review and reflection in 2019/20. In 2019/20, offensive and defensive exercises once became […]

Mimikatz Exploration – WDigest
Mimikatz, to this day, remains the tool of choice when it comes to extracting credentials from lsass on Windows operating systems. Of course this is due to the fact that with each new security control introduced by Microsoft, GentilKiwi always has a way out. If you have ever looked at the effort that goes into […]

Automated Lab: Automate Your Active Directory Security Lab
Building an active directory security lab is not easy, it requires time and resources as well as skills. What if we had an automated way of doing all the hard work? Well, that’s where AutomatedLab! Is convenient! github.com AutomatedLab (abbreviated as AL ) is an automated construction framework for Windows environments developed by Microsoft . You can use it to create labs in […]

THREAT MODELING TODAY
What Is Threat Modeling? Threat modeling is a proactive approach to identifying entry points to enumerate threats and building security measures to prevent security breaches in applications and computer and network systems. It’s an engineering technique you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that could affect your application and systems. […]