ToxSec

Bug Bounties and Capture the Flag

Our news

  • Pass the Ticket: An AD Attack Method

    Pass-the-Ticket (PtT) is a popular method of attack in AD environments, capitalizing on Kerberos tickets to gain unauthorized access. This guide breaks down PtT for the active CTF player, offering actionable code and clear steps to execute under time pressure. PtT Basics In Kerberos authentication, tickets, rather than passwords, grant access to resources. If an…

    READ MORE

  • DDoS Attacks: How to Take Down a Server

    Distributed Denial of service [DDOS] attacks are popular cyber-attacks that focus on taking down a system’s availability by denying resources to legitimate connections. DDOS attacks can be found in many forms, commonly as an attack that heavily congests a network to the point of being unusable. Furthermore, DDoS attacks crash or even destroy resources depending…

    READ MORE

  • Privilege Escalation Techniques

    A cheat sheet and essential guide designed to assist in efficient privilege escalation techniques across various systems. Consider it a reference point. Linux Upgrade shell

    READ MORE

  • Heartbleed for Attacking OpenSSL

    HeartBleed is a bug in the OpenSSL library that allows users to access restricted memory addresses on a server. This enables unprivileged users to reach data to which they wouldn’t usually have access. This data includes confidential information such as usernames and passwords, along with a server’s private key. Preface Let’s quickly define a few…

    READ MORE

  • Netcat: The Swiss Army Knife

    In the toolbox of every security researcher, penetration tester, and cybersecurity enthusiast, there’s a tool that stands out due to its versatility and power: Netcat. Often dubbed the “Swiss Army Knife” of networking, Netcat offers functionalities that range from basic network diagnostics to complex penetration testing tasks. This article delves deep into Netcat, highlighting its…

    READ MORE

  • Metasploit for Penetration Testing

    In the realm of cybersecurity, knowledge is power. For professionals aiming to protect systems, understanding the tools and techniques that hackers might employ is crucial. This knowledge allows them to safeguard networks, applications, and systems more effectively. Among the suite of tools available to cybersecurity professionals, Metasploit stands out as one of the most potent…

    READ MORE

  • HTML Injection – Platform for Phishing Users

    HTML Injection is a type of attack that allows a malicious user to inject arbitrary HTML content into a site’s webpage. HTML injection is comparable to a limited XSS attack where malicious users can only enter HTML tags. When a web application does not properly handle user input, attackers can supply valid HTML code, adding…

    READ MORE

  • Exploitation Cheat Sheet

    This page serves as a cheat sheet for quickly launching commands for identified vulnerabilities. Use it as a reference guide or for syntax help. SQL Injection Manual SQLi Error-Based # Generic’ OR ‘1’=’1′– ‘# ‘– -# Login Formsadmin’–admin’– – Boolean-Based Blind True: ‘ AND ‘1’=’1False: ‘ AND ‘1’=’2# ‘ AND 1=1–‘ OR 1=1–‘ OR ‘a’=’a’…

    READ MORE

  • Hacking Common Services

    A cheat sheet and resource for ethically hacking common services across diverse systems. Use it as your trusted guide in cybersecurity pursuits. SMB SMBMap SMBMap allows users to enumerate samba share drives across an entire domain. smbmap -H 10.10.10.10 smbmap -H 10.10.10.10 -u victim -p password -H 10.10.10.10 [with creds] Smbclient smbclient -L 10.10.10.10 smbclient -L…

    READ MORE