Kali 2018.2 VirtualBox Guest Additions

Guest Additions are designed to be installed inside a virtual machine after the guest operating system has been installed. They consist of device drivers and system applications that optimize the guest operating system for better performance and usability. Kali using Gnome 3 will be slow performing if you do not have the guest additions installed. … Read moreKali 2018.2 VirtualBox Guest Additions

Stealing Credentials (Metasploit)

This document will start from you having an open session to a target machine; as well as having local administrator access on the target machine; ideally through a reverse TCP connection. Once you have an active session through any exploit of your choosing; proceed with stealing credentials from the target system. Step 1: Select the … Read moreStealing Credentials (Metasploit)

Gaining Administrative Access (Metasploit) – MS15-051

This document will start from you having an open session to a target machine. This will exploit allow you to migrate the malicious process to the SYSTEM user using a variability in Microsoft Windows (MS15_051) Microsoft Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of … Read moreGaining Administrative Access (Metasploit) – MS15-051

Attack Simulation: Malicious Office Document (Metasploit)

This module generates a macro-enabled Microsoft Office Word document (docm). It does not target a specific CVE or vulnerability, instead it’s more of a feature-abuse in Office, and yet it’s still a popular type of social-engineering attack such as in ransomware. By default, the module uses a built-in Office document (docx) as the template. It … Read moreAttack Simulation: Malicious Office Document (Metasploit)

Attack Simulation: EternalBlue MS17-010 (Metasploit)

The vulnerability works by exploiting the Microsoft Server Message Block 1.0. The SMB is a network file sharing protocol and “allows applications on a computer to read and write to files and to request services” that are on the same network. This demonstration will show you how to remotely take control of a system by … Read moreAttack Simulation: EternalBlue MS17-010 (Metasploit)