How to crack encrypted SSH private keys? (2024)
How to break SSH keys. For the different key types, encryption types and file formats, whether using a script, Hashcat or John.
Tackling PXE images (2024)
Demystifying the nuts and bolts of PXE boot, and explaining how to retrieve and analyze a PXE image to find secrets (such as an AD domain account).
Kirby < 3.9.6 XML External Entity (XXE) vulnerability — CVE-2023-38490 (2023)
Detailed write-up about an XXE on Kirby CMS (CVE-2023-38490).
What’s new in ffuf 2.0 release? (2023)
Covers new features in ffuf 2.0: scraper, request backtracking, configuration supporting XDG_CONFIG_HOME.
Transform P3 P4 P5 vulnerabilities to P1 (2022)
How to steal user sessions by chaining low risk vulnerabilities.
Ruby 3.2.0 Preview 1: living in the future (2022)
Overview of the new features that will come in Ruby 3.2.0: WebAssembly (WASM / WASI), ReDoS protection, Unicode v14.
Some sudo elevation of privilege vulnerabilities (2021)
An introduction to 3 sudo vulnerabilities: CVE-2019-14287, CVE-2019-18634, CVE-2021-3156.
Shodan Pentesting Guide (2020)
Delving deep into Shodan's mine.
Overview of network pivoting and tunneling (2019)
State of the art of network pivoting: this paper covers several pivoting techniques as well as the existing tools to perform a lateral move.
Theft of NTLM v2 hash code via Outlook vulnerability (CVE-2023-35636) (2024)
Showcasing exploitation of the calendar sharing feature in Microsoft Outlook, whereby adding two headers to an email instructs Outlook to share the content and contact a designated machine, creating an opportunity to intercept NTLM v2 hash code.
LDAP pass back attack (2023)
Methodology for Active Directory domain accounts takeover through LDAP pass back attack on printers.
GraphQL for Pentesters (2023)
Introducing GraphQL security for penetration tests: basic concepts, security considerations & reconnaissance, vulnerabilities and attacks, offensive tools.
ffuf advanced tricks (2022)
Covers advanced use cases of ffuf: the configuration file, reading from standard input, avoiding false negatives with match all and filtering with regexp, use of external payload mutators.
Cracking encrypted archives (PKZIP: Zip ZipCrypto, Winzip: Zip AES, 7 Zip, RAR) (2022)
Biham and Kocher plaintext attack on ZipCrypto Zip and wordlist attack on Zip, 7-zip and RAR.
Unicode Attacks - Rump BreizhCTF 2k22 (2022)
Case transformation collision and Hostname splitting Unicode attacks.
Security.txt | Progress in Ethical Security Research (2020)
This article looks to answer the question of how widely adopted security.txt has become, 3 years on from when it was first drafted.
SSH Pentesting Guide (2020)
A Comprehensive Guide to Breaking SSH.
Articles & Write-ups
Free Software & Cybersecurity (2024) 🇫🇷
Presentation at Open Source Immersion (OSI) 2024 about open-source software and cybersecurity
SafetyNet Attestation API bypass (2023) 🇫🇷
Rump at BreizhCTF 2k23 presenting SafetyNet Attestation API bypass
Cracking hashed known_hosts (2022) 🇬🇧
Cracking hashed SSH known_hosts presentation
XSS classification model (2020) 🇬🇧🇫🇷
Types of XSS evolution
Markdown (2016) 🇬🇧
Markdown for daily usage
XSS Unicode - Everything has become normal (2024) 🇫🇷
Rump at BreizhCTF 2k24 presenting HTML escape bypass with Unicode normalization
GraphQL for Pentesters (2022) 🇬🇧
Introducing GraphQL security for penetration tests
Unicode Attacks (2022) 🇫🇷
Rump at BreizhCTF 2k22 presenting two Unicode attacks
OTP (2017) 🇫🇷
One-time pad cryptography
Create python package (2016) 🇬🇧
How to create a simple python package