In this blog post, I explored various Windows defensive mechanisms, configured them, and then demonstrated techniques to bypass them.

During an internal assessment, I discovered a web application called BioTime within the target infrastructure. Preliminary research uncovered multiple known vulnerabilities, specifically those listed in 2023 on CVE Details for ZKTeco, including directory traversal and limited write capabilities. Notably, a path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allowed me to read arbitrary files by supplying a crafted payload.

Hey there in this article I will show you some ways that you can exploit Windows devices using Macros in a stealthy way that undetectable on windows defender , Firewall, and the user

We will deep dive into the concept of pivoting and some Redteaming stuff tips&tricks and in the end we will solve the Brainpan BOF machine

The Certified Red Team Expert (CRTE) is a hands-on certification from Altered Security (formerly Pentester Academy). It focuses on advanced red teaming techniques in complex Windows Active Directory environments.

We'll cover setting up your attack lab, uncovering its hidden vulnerabilities, and crafting exploits to seize control. Learn the precise dorks to unearth countless exposed systems, turning education into a direct path to compromise.

Insights into the critical security lessons learned from the HTB Dante Pro Lab.