In penetration testing, there’s a world of difference between reconnaissance (recon) and data collection (enum). Recon involves passive actions; while enum, active ones. During recon, you use only open sources (OSINT), and the target system is not affected in any way (i.e. all actions are performed anonymously). By contrast, at the enumeration (data collection) stage, you interact with the target. This article discusses the data collection stage as an integral component of any pentesting study.

In this article, I’ll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid tool (not to be confused with the web framework of the same name). Potentially, this enables you to evade antivirus protection in pentesting studies and conceal a suspicious telemetry source from EDR in the course of Red Team operations.

Chances are high that you had dealt with DHCP when configuring a router. But are you aware of risks arising if this protocol is misconfigured on a company’s server? Using its misconfigurations, not only can a hacker disable the DHCP server, but also deliver an MITM attack and intercept critical data. This article discusses two attack vectors targeting DHCP and provides important security recommendations.

This article discusses different variations of the NTLM Relay cross-protocol attack delivered using the RemotePotato0 exploit. In addition, you will learn how to hide the signature of an executable file from static analysis.

Imagine a situation: you managed to penetrate the network perimeter and gained access to a server. This server is part of the company’s internal network, and, in theory, you could penetrate there as well. Too bad, the compromised node is in the DMZ and doesn’t have access to the Internet. Will you be able to get inside in this case?

Attacks on dynamic routing domains can wreak havoc on the network since they disrupt the routing process. In this article, I am going to present my own modification of the Evil Twin attack designed to intercept data in OSPF-based networks. I will also demonstrate how to connect to an offline system, bypass authentication, and perform a malicious LSU injection.

The primary objective of virus writers (as well as pentesters and Red Team members) is to hide their payloads from antiviruses and avoid their detection. Various techniques are used for this purpose. This paper discusses two of them: Herpaderping and Ghosting.