Red Teaming

Malware: Unpacking the Potential of Shellcode Execution

In this modern world, malware infection is still one of the biggest threats to individuals and organizations. Cyber criminals use different ways to get their malware onto someone’s computer. One of the most widely used methods is called “Shellcode Execution + Social Engineering”; it is also called a “Shellcode Runner”. On the 27th of … Read more

MSDT-Follina Exploit for Initial Access

A new Remote Code Execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) that can be exploited through Microsoft Office Word (2013-2021). Developing the exploit: Step 1: Create a docx file in Microsoft Office Word. Step 2: Edit it using 7-Zip. Step 3: Go to word\_rels\document.xml.rels, right-click > Edit. The content should be exactly like: Step … Read more

Open Source Intelligence(OSINT)

Open-source Intelligence (OSINT) is the first step when it comes to red teaming. In this post, I will provide some references and techniques commonly used by penetration testers and red teamers for passive information gathering. Search Engine OSINT: Search engines like Google are powerful tools for finding most of the publicly available information. … Read more

Red Team Tools Collection

This is a collection of red teaming tools that will help in red team engagements. The list is not complete, so I will keep updating it! Reconnaissance: These tools are used to gather information passively or actively. Tool name and description: Nmap, port/service/vulnerability scanner; DnsRecon and Amass, DNS enumeration tools; Nikto, website misconfiguration finder; Burp Suite Pro … Read more

Microsoft Word Macro Payload

Delivering a reverse shell payload via an Office macro is old but still works if you can bypass AV. Get your code ready: Start Microsoft Office 2016 Pro Plus, go to the View tab and click Macros > View Macros. Give the macro a name, select “Macros in Document1” and click Create. Paste the code below and save as … Read more

PoshC2 Command Reference

PoshC2 is an open-source command and control framework written in Python 3 which can be downloaded from https://github.com/nettitude/PoshC2. I was learning about this framework. Need to study more ;). But yeah, here are some commands I tested to see how they work! Configure PoshC2: To make PoshC2 work, a few things should be done. Install in Kali Linux: … Read more