In the world of Active Directory security, 2026 is the year the “Compatibility Tax” finally comes due. For decades, Kerberos has quietly allowed a fallback to RC4 encryption. It was convenient, it was compatible, and, by modern standards, it is a massive security hole. With CVE-2026-20833, Microsoft has officially pulled the plug. We are currently in Read More …
Category: Tools
Tool Overview: h8mail
h8mail is an open-source intelligence (OSINT) and password breach hunting tool written in Python. It is designed to help security professionals identify if specific email addresses have been compromised in data breaches. By aggregating data from multiple leak-checking services and local databases, h8mail provides a centralized way to audit credential exposure for individuals or entire Read More …
Beyond nslookup with .NET Sockets
This article introduces a professional-grade PowerShell script that identifies Domain Controllers using native .NET sockets, bypassing the overhead of standard administrative cmdlets. Most internal reconnaissance starts with finding the Domain Controllers. While a simple nslookup -q=srv _ldap._tcp.dc._msdcs.domain.local works, it has three major flaws: Hard-coding: It assumes you already know the domain name. Parsing: It returns Read More …
Tool Overview: theHarvester
theHarvester is an open-source tool designed for the reconnaissance phase of a penetration test or security audit. Developed by Christian Martorella, it is written in Python and serves as a framework for gathering open-source intelligence (OSINT). Its primary function is to collect emails, subdomains, hosts, employee names, open ports, and banners from various public data Read More …
Tool Overview: Maigret
Maigret is an open-source intelligence (OSINT) tool designed to automate the process of username reconnaissance. Developed as a fork of Sherlock, Maigret expands upon the concept of searching for a specific identifier across a vast array of websites to build a profile of an individual’s digital footprint.

Core Functionality

Maigret operates by taking a single Read More …
Automating the Audit
Stop Staring at DNS Records

If you are new to Information Security, you’ll quickly learn that visibility is your best friend. One of the first things I look at when assessing a domain’s posture is its DMARC (Domain-based Message Authentication, Reporting, and Conformance) record. DMARC tells the world how to handle emails that claim to be Read More …
A Powerful OSINT Tool for Username Discovery
The ability to gather intelligence efficiently is a foundational skill. One effective tool for early stages is Sherlock. Named after the legendary detective, Sherlock is an open-source, Python-based tool designed to help security professionals and researchers locate a specific username across hundreds of different websites and social media platforms simultaneously.

How Sherlock Works

Sherlock operates Read More …
Automating Infrastructure Visibility with dig
In modern cybersecurity, you cannot protect what you don’t know exists. Traditional DNS tools often give you fragmented data. You get an A record here, an SPF record there, but connecting those to an owner (WHOIS) or a risk profile (Shodan) usually requires manual effort.

A Solution: One Script to Rule Them All

I’ve consolidated Read More …
Frankenmap
Modern Intrusion Detection Systems (IDS) easily spot the distinct signatures of Nmap’s default aggressive probes. Here is a stealth blueprint for getting OS, version, and script data without kicking the front door down:

1. Deconstructing the Aggressive Scan

Instead of using -A, use these specific flags to control exactly what information is gathered and how Read More …
NMAP discovery options
I will break down the options for each command.

Command 1: sudo nmap -sn 10.0.0.* --discovery-ignore-rst -oG - | awk '/Up$/{print $2}'

Summary: This command builds a list of "up" machines on a specific subnet (in this case, 10.0.0.*). Note that --discovery-ignore-rst is an nmap option and has to sit before the pipe; anything placed after the pipe is handed to awk, not to nmap, and awk will reject it as an unknown option.

Breakdown: sudo nmap -sn 10.0.0.*: Performs a simple ping scan (-sn) on the Read More …
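The awk half of Command 1 is the part that is easy to get subtly wrong, so here is an added example (not code from the original post) that runs the same filter over a constructed sample of nmap grepable (-oG) output. The sample imitates what a verbose ping scan emits, including Down hosts and the "# Nmap" header and footer lines, so you can see that only the Up addresses survive. The subnet, hostnames and timestamps in the sample are made up; the live_hosts wrapper is a hypothetical convenience and is not called.

```shell
#!/bin/sh
# Added example: reproduce the awk filter from Command 1 offline.
# Nothing here is from the original post; the sample scan output below is
# constructed by hand to look like `nmap -sn -v -oG -` output.

# Constructed sample of grepable output. With -v nmap also lists Down hosts,
# which is exactly the case the /Up$/ pattern has to reject. Real output
# separates the fields with a tab; awk splits on any whitespace, so spaces
# behave the same way here.
SAMPLE_GNMAP='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sn -v -oG - 10.0.0.0/29
Host: 10.0.0.1 (gateway.local)   Status: Up
Host: 10.0.0.2 ()                Status: Down
Host: 10.0.0.3 (backup.local)    Status: Up
Host: 10.0.0.4 ()                Status: Down
# Nmap done at Mon Jan  1 00:00:01 2024 -- 8 IP addresses (2 hosts up) scanned in 1.02 seconds'

# up_hosts: read grepable output on stdin and print the address of every
# host whose line ends in "Up". Field 1 is the literal "Host:", field 2 the
# address, so a hostname such as "backup.local" in field 3 never leaks into
# the result, and the "# Nmap ..." comment lines end in other text and are
# skipped.
up_hosts() {
    awk '/Up$/ {print $2}'
}

# live_hosts: hypothetical wrapper for the full pipeline. Every nmap option,
# including --discovery-ignore-rst, goes before the pipe; awk owns the rest.
live_hosts() {
    sudo nmap -sn "$1" --discovery-ignore-rst -oG - | up_hosts
}

# Run the filter over the constructed sample; prints 10.0.0.1 and 10.0.0.3.
printf '%s\n' "$SAMPLE_GNMAP" | up_hosts
```

If you wrap the target in quotes (for example "10.0.0.*") you also avoid the shell expanding the asterisk against files in the current directory before nmap ever sees it.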