ZTH ZTH-CH4: Hook & Sling - Phishing For Gold To this date, phishing is one of the most prevalent first stages of entry to an organisation, a lot of threat actors
automation Featured HoneyPoC is Dead - Long Live Disinformation This short blog post explains what each tool does and overviews the use/reason for the release. Release of AutoPoC and SandboxSpy.
carhacking Free Audi MMI Maps and Speedcams Update 2025 Update Audi Maps and Speedcams for free; files and steps are included for Maps 2022/2023/2024/2025. All without the need for OBDeleven or VCDS. This process will work for other VAG cars too, not just Audi.
automation Orchestrating deployment of @myexploit2600's hacklab with Ansible and Vagrant [REDUX] Deploy your hacklab using Ansible and Vagrant for fast, repeatable results. Building on the work by @myexploit2600, we're going to use Ansible and Vagrant to automate the manual steps of constructing a domain and vulnerable users.
azure Featured Azure Attack Paths: Common Findings and Fixes (Part 1) This post will walk through various services within the Azure catalogue and look at potential attack paths.
redteam Featured Understanding Cobalt Strike Profiles - Updated for Cobalt Strike 4.6 A deep dive into the specifics of Cobalt Strike Malleable C2 profiles and the key information that is new in Cobalt Strike 4.6.
redteam Featured Chasing the Silver Petit Potam to Domain Admin Exploiting Petit Potam in a different way to force some downgrade and protocol attacks.
A Minor Update - No Blog Posts for a While! Readers of ZSEC and my Twitter feed, a quick message/explanation. I have published my last two blog posts for a while as I am working on my second book, LTR102 [https://leanpub.com/LTR102-Expanding-Your-Security-Horizons], which is almost complete, but as I write a lot on a fortnightly basis there
2021 - Looking Back on a Great Year I have made it somewhat of a tradition to look back at the previous 12 months in a blog post on the last day of the year or last week of the year. Both from a professional perspective and personal life. Acting as a timeline, look back at my technical
redteam Featured Tunnelling For Offensive Security One thing that comes up a lot when it comes to red teaming, penetration testing and breaching a network is being able to proxy traffic into multiple environments.
honeypoc Featured AutoPoC - Validating the Lack of Validation in PoCs HoneyPoC was a project to look at how popular CVE PoCs could be. AutoPoC took that concept and enabled the mass creation of disinformation. Also, data is beautiful.
ltr101 Featured LTR102 - Teaser I started writing LTR102 a while ago but have decided to release a teaser chapter of the new book for free for folks to check out and feedback on. This is the introduction and chapter 1.
redteam ADExplorer Exporting Quick Tip Working with ADExplorer as a Red Teamer is really useful for seeing the whole domain in a single snapshot that can be looked at offline. There is minimal tooling out there for parsing ADExplorer or even exporting things and the closest I could find was ADEGrab [https://github.com/stufus/
Featured Some of the [Many] Problems with Security Skills Some of the problems with Security/Infosec/Insert whatever you want to call this industry here and the discussion around skills shortage plus realisation that the expectation vs reality on both sides of the fence needs to be reaffirmed.
blueteam Featured Locking Down SSH - The Right Way A little guide for locking down a VPS or similar to ensure your SSH connection is as secure as can be.
redteam Social Profiling - OSINT for Red/Blue One of the areas that I love when it comes to red/purple engagements is profiling organizations on LinkedIn and GitHub, looking for crucial information that can lead to more juicy enumeration.
redteam Featured Old but Gold - Attack and Defend the Sys Admins Older techniques used in a sysadmin space, weaponised for red teaming and how to detect them from a blue team perspective.
redteam Featured Paving The Way to DA - Complete Post (Pt 1,2 & 3) As this series is a three-part one and dives into how to get domain admin in a Windows estate using different techniques, I found it useful to link them all together in one flowing post. Yes, it is a straight pull of the other posts into one continuous post, but it
bugbounty Reviving and Refactoring DNS Enum I have been using Lepus for a number of years as it is one of the better subdomain enumeration tools. I integrated some of the lessons learned from DNS Queue [https://github.com/zephrfish/dns-parallel-prober] and added additional functionality to a project that had not been updated in over 2
redteam Pass the Way to DA Pass the X attacks originate from having a piece of information, in these examples this will be a hash, a set of credentials or a Kerberos ticket and then leveraging them for lateral movement throughout a network.
redteam Featured Certified Red Team Operator (CRTO) aka RTO I - Red Team Ops I Review Red Team Ops (RTO I) Review
review 2020 - A year of Ups and Downs This year has been interesting, to say the least. A lot has happened and it has been full of great moments, but equally of upsetting and downer moments.
blueteam Learning The [Defence] Ropes 101 - Splunk Setup & Config As an attacker I come across Splunk a lot but I've never deployed it. This blog post will deep dive into deploying it and querying the back end!
My First 2020 [NonTroll] CVE - DLL Hijacking in NVIDIA System Management Interface (SMI) NVIDIA System Management Interface is vulnerable to DLL search order hijacking whereby an attacker can leverage execution to establish persistence on a machine using a malicious DLL file.
redteam ZeroLogon (CVE-2020-1472) - Attacking & Defending A handy walkthrough of CVE-2020-1472 from both a red and blue team perspective: how to detect, patch and hack ZeroLogon.