Home
Node Security
Cancel

JWT Fuzzing

The goal of this tool is to create a list of fuzzing payloads for testing JWTs on web services and applications. The payloads are designed to test common JWT issues and bypasses, as well as attempt...

SSH Server Hardening

Guide for hardening SSH server on a Linux machine. Enable Passwordless Authentication Disable Password Authentication Disable Empty Passwords Disable Root Login Change Default SSH Port ...

Configuring SSH Server

Guide for learning how to setup and configure SSH server on Linux (debian). Getting Started Install SSH Server Server Config Connection Banner Login Welcome Message...

Dump SAM, SYSTEM and SECURITY

Demonstration of how dump SAM, SYSTEM and SECURITY registry files. Prerequisites Ensure you have access to an Admin level command prompt. Dump Files reg.exe save hklm\sam sam.sav reg.exe save hkl...

Windows UAC Privilege Escalation

Demonstration of how to perform Windows UAC Privilege Escalation (CVE-2019-1388). This vulnerability allows a user to escalate from a low privilege level (non-admin) to SYSTEM. Download EXE W...

Windows Custom Right Click Menu Option

How to add a custom menu option to the right click menu in Windows 10 and have it execute a command/application. Steps Open regedit.msc. Navigate to HKEY_CLASSES_ROOT\*\shell. Right click o...

Using Wget

How to perform requests using wget and setup a http proxy for wget. API Call wget https://testing.com/login Ignore Cert Issues --no-check-certificate Add Headers --header 'Authorization: Basic ...

User Dumping with MSOL

With MSOnline you can extract & search for users in a domain after obtaining a domain account. Install MSOnline Connect Search & Dump Commands Dump all Users Dump f...

When are OPTIONS Requests Sent?

In this post we’ll look at OPTIONS requests, when they get sent, and their security implications. A basic understanding of CORS and CSRF attacks would be beneficial before reading this post. S...

Admin to SYSTEM with PsExec

Escalate from admin to SYSTEM on a windows machine by doing the following. Download Tools Download Sysinternals Suite from Microsoft here. From Admin to SYSTEM Run the following command in an Adm...