While tools like subfinder or amass are excellent for finding known subdomains through public records, they often miss “hidden” environments like development servers or internal staging areas. This is where altdns becomes an essential part of the security toolkit. What is Altdns? Altdns is an open-source DNS reconnaissance tool designed to discover subdomains that follow Read More …
Category: Learn IT
These are all of the posts dedicated to sharing the IT knowledge I have accumulated through the years and through all of the positions, companies, and projects. As I say, I am not the sharpest tool in the shed, but my shed and tool collection are a lot larger than the average bear, Boo Boo.
RDP – Remote Desktop Protocol
Remote Desktop Protocol is a proprietary protocol developed by Microsoft that allows users to connect to and control or manage a computer remotely over a network connection. RDP is commonly used in Windows environments, enabling users to access their desktops, applications, and files from anywhere, as long as they have a network connection. This technology Read More …
SSH – Secure Shell
SSH, or Secure Shell, is a network protocol that allows users to securely access and manage devices over a network. It is widely used for remote administration of servers and network devices. SSH provides a secure channel over an unsecured network by using encryption, which protects the data being transmitted from eavesdropping and tampering. Key Read More …
Tool Overview :: subfinder
In our journey through DNS discovery, we’ve used active tools like dnsrecon and dnsenum that directly “touch” a target’s infrastructure. While effective, active probing can be noisy. To stay under the radar while gathering a massive footprint, we turn to subfinder. As of 2026, subfinder remains the gold standard for passive subdomain discovery. Developed by the Read More …
Tool Overview: Photon
Photon is an open-source Python-based crawler designed for high-speed information gathering. It is categorized as an Open-Source Intelligence (OSINT) tool used to extract data from websites. Unlike traditional web crawlers that focus primarily on indexing content for search, Photon is optimized to identify and extract specific data points relevant to security researchers and penetration testers, Read More …
Tool Overview – IronNetTR
The GitHub repository IronNetTR, maintained by Mikhail Kasimov (forked from nathanawmk), serves as a centralized public archive for research conducted by IronNet’s Threat Research Teams. IronNetTR is a collection of technical reports and data sets focused on active cyber threats. Unlike general news sites, this repository provides the raw data and technical specifics, such as Read More …
Hunting for Missing AES in Active Directory
In the world of Active Directory security, 2026 is the year the “Compatibility Tax” finally comes due. For decades, Kerberos has quietly allowed a fallback to RC4 encryption. It was convenient, it was compatible, and, by modern standards, it is a massive security hole. With CVE-2026-20833, Microsoft has officially pulled the plug. We are currently in Read More …
Tool Overview: h8mail
h8mail is an open-source intelligence (OSINT) and password breach hunting tool written in Python. It is designed to help security professionals identify if specific email addresses have been compromised in data breaches. By aggregating data from multiple leak-checking services and local databases, h8mail provides a centralized way to audit credential exposure for individuals or entire Read More …
Beyond nslookup with .NET Sockets
This article introduces a professional-grade PowerShell script that identifies Domain Controllers using native .NET sockets, bypassing the overhead of standard administrative cmdlets. Most internal reconnaissance starts with finding the Domain Controllers. While a simple nslookup -q=srv _ldap._tcp.dc._msdcs.domain.local works, it has three major flaws: Hard-coding: It assumes you already know the domain name. Parsing: It returns Read More …
Tool Overview: theHarvester
theHarvester is an open-source tool designed for the reconnaissance phase of a penetration test or security audit. Developed by Christian Martorella, it is written in Python and serves as a framework for gathering open-source intelligence (OSINT). Its primary function is to collect emails, subdomains, hosts, employee names, open ports, and banners from various public data Read More …