ByDeF : Mastering The Art Of Antivirus Evasion For Penetration Testing
ByDeF is a tool designed to generate an undetectable Portable Executable (PE) file, specifically a .exe file, that can bypass Windows Defender and other antivirus software. This tool is particularly useful for penetration testers and security researchers who need to create payloads that evade detection by modern antivirus systems. Functionality Of ByDeF ByDeF operates through a series of steps that involve...
CVE-2025-29927 : Next.js Middleware Authorization Bypass – Technical Analysis
A critical vulnerability, CVE-2025-29927, has been identified in Next.js, a React-based web framework by Vercel. This flaw allows attackers to bypass middleware-based authorization checks by exploiting the x-middleware-subrequest header. Middleware in Next.js is widely used for tasks such as path rewriting, server-side redirects, security headers (e.g., CSP), and access control. The vulnerability affects versions 11.1.4 through 13.5.6, 14.x before...
pugDNS : Revolutionizing DNS Query Speed And Accuracy For Advanced Networking Needs
pugDNS is an experimental, high-performance DNS query tool designed to facilitate fast and accurate bulk DNS lookups. It leverages AF_XDP (Address Family eXpress Data Path) sockets to achieve significantly higher query rates compared to traditional DNS tools. This makes it particularly useful for security researchers, network administrators, and penetration testers involved in DNS reconnaissance and domain discovery tasks. Key Features High...
ZeroDays CTF 2025 : A Comprehensive Overview
The ZeroDays CTF 2025, held on March 22nd at Croke Park in Dublin, Ireland, marks a significant milestone as it celebrates its 10th anniversary. This event has evolved into the largest on-site, one-day Capture The Flag (CTF) competition globally, attracting over 130 teams in 2024. The competition is structured into several categories, including Irish Colleges, International, and Open sections,...
CloudPEASS : Cloud Privilege Escalation Awesome Script Suite
CloudPEASS is a suite of tools designed to help users identify potential privilege escalation paths and other security vulnerabilities in cloud environments, specifically Azure, GCP, and AWS. The suite is currently in development and leverages techniques documented in HackTricks Cloud, along with insights from HackTricks AI, to analyze permissions and highlight potential attacks. AzurePEASS Functionality: Permission Analysis: AzurePEASS checks all permissions in...
OSCE³ and OSEE Study Guide : Understanding Key Tools And Functions
The OSCE³ (Offensive Security Certified Expert 3) and OSEE (Offensive Security Exploitation Expert) certifications are advanced qualifications in the field of cybersecurity, focusing on web security and exploit development, respectively. Both certifications require a deep understanding of various tools and methodologies used in penetration testing and exploit development. OSCE³ Study Guide OSCE³ focuses on web security, emphasizing tools and techniques for...
Nyxian : A Low-Level Scripting Language For iOS
Nyxian is a JavaScript-based low-level scripting language designed specifically for iOS. It provides a powerful toolset for developers to interact with iOS systems at a deeper level, allowing for more control and customization. This article will explore the core functionality and modules of Nyxian, providing an overview of its capabilities and potential applications. To get started with Nyxian, users need...
AppStore Troller : Overcoming iOS Compatibility Barriers For App Downloads
AppStore Troller is a straightforward yet handy tweak designed for iOS users who face compatibility issues with apps requiring newer iOS versions. This tweak allows users to purchase apps that are not compatible with their current iOS version, enabling them to install the last compatible version of the app if available. Functionality Of AppStore Troller Purchasing Incompatible Apps: AppStore Troller tricks...
Kernel Callbacks Removal : Bypassing EDR Detections
Kernel callbacks are essential components used by Endpoint Detection and Response (EDR) systems to monitor system events, such as process creation, image loading, and registry modifications. However, attackers have developed techniques to remove these callbacks, effectively blinding EDRs and allowing malicious activities to go undetected. Tools And Techniques Custom Callbacks and Signed Drivers: Tools like CheekyBlinder utilize signed, vulnerable drivers to...
IPATool : A Comprehensive Guide To Managing iOS Apps
IPATool is a versatile command-line utility designed to facilitate the search, download, and management of iOS app packages (ipa files) from the App Store. It supports various operating systems, including Windows, Linux, and macOS, making it accessible to a wide range of users. This article will delve into the functionality and usage of IPATool. To use IPATool, you need to...
