Notes :: SCIM Hunting

In the blog post “SCIM Hunting,” the author explores the Security Assertion Markup Language (SAML) and System for Cross-domain Identity Management (SCIM) protocols, which are essential for managing user identities and access in cloud environments. For someone new to IT, understanding these protocols is crucial, as they play a significant role in ensuring secure access …

Hacker TV – GoFetch

This video demonstrates how GoFetch utilizes BloodHound attack graph data to automatically pivot from an exploited host to the domain controller. The demonstration begins in BloodHound, where the presenter identifies the attack path to the domain controller. After finding a path, the graph is exported for use by the attack script. The presenter then launches GoFetch …

LazyOwn: CRIMEN

For offensive security experts, LazyOwn: CRIMEN is an advanced, Python-based framework meticulously designed to streamline and automate complex penetration testing and vulnerability analysis tasks, particularly for red team operations. Far more than a simple collection of scripts, LazyOwn aims to be a comprehensive toolkit, integrating a vast array of functionalities to mimic sophisticated cyber adversaries. …

Conference Video – Dirty Red Team tricks

Let’s time travel to 2003 with today’s tools and own everything. This talk takes you inside the red teams at the North East and Mid Atlantic Collegiate Cyber Defense competition events. Raphael Mudge, the developer of the Armitage Metasploit GUI, will guide you on this journey. You will learn how to automate Metasploit, nmap, and …