Metasploit, Exploit machines, run payloads, do post-exploitation., Responder, Capture NTLMv2 hashes by poisoning LLMNR/NBT-NS., Impacket, Python scripts for SMB, Kerberos, AD attacks., CrackMapExec, Active Automate Spray passwords, reuse creds, attack SMB/AD., Hydra, Active Brute-force credentials across protocols.SSH/FTP/etc, msfvenom, Generate payloads (reverse shells, EXEs, macros)., Netcat, Active Reverse shells, tunneling, data transfer., Hashcat, Active GPU hash cracking., John the Ripper, Active CPU hash cracking., Medusa, Active Parallel brute-forcing tool. "bruteforce a lot of accounts fast", Burp Suite, Active Web app testing and brute-forcing logins., Certify, Abuse Active Directory Certificate Services., Seatbelt, Windows security posture enumeration. “Collect Windows security info.”, PowerShell/ISE, Run automation scripts, execute payloads, enumerate system., PsExec, Execute commands on remote Windows systems., Evil-WinRM, Remote shell into Windows via WinRM + pass-the-hash., Mimikatz, Dump passwords, hashes, tickets (LSASS)., Rubeus, Kerberos ticket abuse (requesting, forging, roasting)., LOLBins, Active Use built-in Windows binaries for stealth., ZAP (OWASP), Web proxy + vulnerability scanner. open source burp suite, Postman, Active Craft/test API requests, sqlmap, Active Automated SQL injection exploitation., Gobuster/DirBuster, Active Directory/file brute-forcing., WFuzz, Active Web parameter fuzzing., WPScan, Active WordPress vulnerability scanner., Pacu, Active AWS exploitation framework., Docker Bench, Security benchmark for Docker hosts., Prowler, Passive AWS CIS benchmark security posture checks., ScoutSuite, Multi-cloud auditing (AWS, Azure, GCP)., WPAD, Exploit Web Proxy Auto-Discovery to capture auth..

Attacks & Exploits

by
I-Print kini
Embed

Leaderboard

Visual style

Mga Option

I-switch ang template

)
I-restore ang gi-autosave: ?