New release: How to Hack Like a LEGEND

I think I can unequivocally state that this book was the most frustrating but probably the most enjoyable to write so far. As opposed to previous scenarios where we targeted companies with hopeless security, this book takes us into what we might call an adversarial environment: SIEM, machine learning security…

Best VPN service to be (and stay) anonymous

This is a question I get asked a lot: “what is the best VPN service out there?”. Let us take the time to address this once and for all. There are literally hundreds of blog articles about the “best VPN service” out there. From pcmag.com to cnet.com, though most of…

Are CTF games the best way to learn pentesting?

My short answer based on what I have seen… No. Before you jump down my throat, let me say that CTF games are awesome challenges. The people behind root-me, hellboundhackers, hackthebox and the such are doing an amazing job. Some challenges are just total brain fucks. But this is not what…

Pentesters do not really make the world more secure

Most big clients I have been working with lately have managed to incorporate pentesting into their regular process. Almost every new application is pentested by a consulting company. The findings are presented during a meeting with the Security Officer and the action plan is approved by the project leader…Security is…

Pentesting with WMI – part 1

Today’s post will be dedicated to Windows Management Instrumentation (WMI) and how to use it in a pentesting engagement. We already talked briefly about WMI in How to Hack Like a GOD, but the idea is to expand on what was already presented and discover the true potential of WMI…

How to bypass Windows Applocker

Remember we met Applocker on the Citrix server in Hack Like a GOD. It’s a whitelisting tool that can make it a bit harder to pwn a Windows system. Check out my guest blog at hacking-tutorial.com to learn how to bypass it!

Mass mimikatz

In Hack Like a Pornstar we had a number of machines sharing the same local administrator account. We had to launch Mimikatz on all of them in the hope of getting that Domain Admin account. This post will go over the different ways to achieve such mass mimikatz execution. WinRM…

Pass-The-Hash – 20 years and still rocking

Few techniques can claim to be as popular and effective as good ol’ pass the hash in Windows environments. This prime example highlights the danger of screwing up the design of an authentication protocol. This post does not aim to explain PTH, we have talked about it in HFB, plus…

Mimikatz & bypassing AV

This post is a simple shout-out to a blog post I enjoyed reading and that proves a point I have repeated endlessly throughout Hack Like a Pornstar & Hack a Fashion Brand: AV products that rely on signatures (that’s almost all of them) can be trivially bypassed! If you…

Simple HTTPs servers

I love the SimpleHTTPServer module in Python. It sets up a quick HTTP server when you are in dire need of a simple way to download files to a target. root@Kali:~# python -m SimpleHTTPServer Serving HTTP on 0.0.0.0 port 8000 … On a real assignment however I need two extra…