How To manually check CVE-2021-3156 | Sudo buffer overflow
To test if you are vulnerable to sudo buffer overflow for CVE-2021-3156 use the following command
sudoedit ….
Tutorials
Tutorials
Empire 3.7 and Starkiller 1.6
Last week we announced a new partnership with Kali for Starkiller and Empire. You can read up more about that
Read more
Kali and BC Security Partnership
Background In November, Kali announced a new program for supporting tool developers, which kicked off with sponsoring Byt3Bl33d3r. We are
Read more
KDE Plasma, NVIDIA Prime and External Monitor problems
A tutorial explaining a workaround fix for KDE plasma / NVIDIA crashing to a black background and no taskbar in Kubuntu with an external monitor.
Read more
Hack The Box Walkthrough guide to: Delivery
Come and read the step by step walkthrough guide to Delivery on Hack The Box.
We start with a nmap scan to see what ports are available…
Read more
Bug Bounty API Key Testing CheatSheet
A list of commands that can be used to test API keys that are found in Bug Bounty engagements.
Read more
How to Integrate a Thinkst Canary Token with Telegram
WTF is a canary token I hear some of you ask? Well, they are pretty nifty little things. If that
Read more
Hack The Box Walkthrough Guide to: ID Exposed
Hack The Box Walkthrough Guide to: ID Exposed using Google and OSINT
Read more
Whitelisting an IP address in ModSecurity , WordPress troubleshooting, integration and automation.
I have been recently been using Integromat.com for some automation and integration work. IF you are wondering what it is,
Read more
Hack The Box Walkthrough Guide To: Doctor
Start with a nmap scan, then we want to open burp suite and navigate to…
Read more
Hack The Box Walkthrough Guide To: Omni
EDIT: Now unlocked for all as the machine has been retired. Disclaimer: I do NOT want you to read this
Read more
How to install Tilix on Kali Linux
Do you love using Tilix, but found that the latest version of Kali Linux doesn’t seem to support installing it
Read more
Hack The Box Walkthrough Guide To: Academy
I start up the machine then always start with a quick Nmap and the follow it up with a more intense one shortly after. I highlight things that look interesting and may warrant further investigation.
Read more
Adding Telegram notification to Synology NAS Watchtower
I am going to assume you have already got your NAS working, with a working install of WatchTower.Once that is
Read more
Return of the CLI
The new Empire CLI is out and includes some big changes to the user experience. We rebuilt the CLI to
Read more
Overview Of Empire 3.4 Features
Its been about 2-weeks since we released Empire 3.4, and hopefully, everyone has had a chance to check out all
Read more
Empire: Malleable C2 Profiles
Empire 3.4.0 is our next major release and is packed with one of the most advanced features to-date, Malleable C2.
Read more
PowerShell Logging: Obfuscation and Some New(ish) Bypasses Part 1
While giving our talk at the DEF CON Red Team Village a couple of weeks ago, I previewed a PowerShell
Read more
Random SMTP Fun with Telnet
Over the weekend, we were setting up a virtual range for our upcoming class this weekend and was testing a mail server.
Read more
Reflective PE Injection in Windows 10 1909
Last month we taught our DEF CON 27 workshop, Introduction to Sandbox Evasion and AMSI Bypasses, as a webinar. It
Read more
Using the OneDrive Listener in Empire 3.1.3
Anthony Rose | Jake Krasnov As part of the update to Empire that we pushed out today, the OneDrive listener
Read more
An Introduction to Starkiller
Vincent Rose | Jacob Krasnov | Anthony Rose Today we are excited to announce the release of Starkiller! Our multi-user
Read more
An Introduction To Offensive Security
Jacob Krasnov | Anthony Rose This blog is going to be the first entry in a series that goes over
Read more
Why are Frida and QBDI a Great Blend on Android?
Introduction Reverse engineering of Android applications is usually considered as somewhat effortless because of the possibility of retrieving the Java
Read more