themayor.notion.site
104.18.32.9  Public Scan

Submitted URL: http://themayor.tech/
Effective URL: https://themayor.notion.site/MayorSec-Home-of-The-Mayor-9c46a29fdead4d1880c70bfafa8d453a
Submission: On December 20 via manual from GB — Scanned from CH

Form analysis 0 forms found in the DOM

Text Content

MayorSec - Home of The Mayor

Penetration Testing Resources
Windows Host Commands

Windows Network Exploitation

Linux Host Commands

Web Application Testing

PowerShell Commands



Links and more
https://twitter.com/joehelle
https://youtube.com/c/JoeHellethemayor
https://github.com/dievus
https://medium.themayor.tech
https://discord.gg/aceeFEHkmA
https://twitch.tv/themayor11
Educational Courses and Sponsorships
Learn by Doing - Python3 Command and Control How To Guide
Movement, Pivoting, and Persistence
Most Recent Article
medium.themayor.tech
When the Administrator Group is Overused
https://medium.themayor.tech/domain-takeover-without-domain-admin-permissions-28a7bd330501


Recent News, Articles, and Videos
CVE Hunting Tips #004
Observable Response and Timing Discrepancies
https://medium.themayor.tech/cve-hunting-tips-004-d998fed85da5

CVE Hunting Tips #003
Rack Attack
Rack Attack is a "middleware for blocking and throttling" in Ruby on Rails
code (rack/rack-attack: Rack middleware for blocking & throttling,
github.com). Rack Attack allows a developer to set various rules in the
configuration for allowing, blocking, and throttling requests.
https://medium.themayor.tech/cve-hunting-tips-003-7208eb251900

CVE Hunting Tips #002
Text Input Denials of Service
Countless websites allow users to input characters in any number of
locations. These can be usernames, passwords, about me sections, or in the
case of today's finding, a notetaking section in an inventory management
system. These inputs are needed for effective usage and management of web
applications and are vital to operations.
https://medium.themayor.tech/bug-bounty-tips-002-f7b29804713a

CVE Hunting Tips #000
Finding Projects
Bug hunting, in the eyes of companies like HackerOne and Bugcrowd, is all
about impact. It's been beaten into people's heads that low-hanging fruit
issues aren't accepted or aren't worth your time.
https://medium.themayor.tech/bug-bounty-tips-001-e9c3ec13580c

Internal Persistence Techniques - TCM Security
The majority of our internal penetration tests are at least a week long. While
we generally have a drop box sent to the client to enable our access to the
network, we have to consider efficiency as well.
https://tcm-sec.com/internal-persistence-techniques/

eCPTX Exam Review
eLearnSecurity Certified Penetration Tester eXtreme
I recently decided to take the eLearnSecurity Certified Penetration Tester
eXtreme (eCPTX) exam. I have been feeling confident with pentesting active
directory environments and felt I would be able to give it a shot. Here are
my thoughts.
https://medium.themayor.tech/ecptx-exam-review-1dce30c152a6

Windows Persistence Using WSL2
I don't think this is what it was meant for
Consider supporting my work at https://ko-fi.com/themayor. I really enjoy
exploitation in Windows environments. It is a landscape that is ripe with
opportunities for privilege escalation, exploitation, and persistence
opportunities.
https://medium.com/cybersecpadawan/windows-persistence-using-wsl2-8f87e319ea56

Domain Domination With Windows Shortcuts
Wait, what? How?
Consider supporting my work at https://ko-fi.com/themayor. I've recently had
the necessity to learn about a feature in Microsoft Windows that we take for
granted every day - Shortcuts. We use them all the time to access things like
search engines, web sites, and file shares.
https://medium.com/cybersecpadawan/domain-domination-with-windows-shortcuts-6aab1d72b793

How I Was Bored One Night and Found Two CVEs
I'm regularly asked by people how to break into penetration testing who are in
the same position I was in not long ago. It was less than a year ago I was at my
wit's end. I thought I was unemployable in IT in general, not just pentesting.
https://medium.com/cybersecpadawan/how-i-was-bored-one-night-and-found-two-cves-4233c3719194

Boost Your Security Program for WFH Employees - TCM Security
With communities beginning to open back up, companies are considering the
decision to stay remote. And this comes with good reasons. The cost of leasing
space might be prohibitive and downsizing to host only necessary business
functions could help with expenses.
https://tcm-sec.com/boost-your-security-program-for-wfh-employees/

ZeroPointSecurity Certified Red Team Operator Course (CRTO) Review
Continuing my education in all things hacking, I recently decided to give
Rastamouse's CRTO course a go. There isn't much to go off of from other reviews,
so it's one of the first courses I've taken in some time where someone I know
couldn't provide any advice or experiences.
https://medium.com/cybersecpadawan/zeropointsecurity-certified-red-team-operator-course-crto-review-512c8d54705a

eLearnSecurity eWPT Certification
As with anything in life, we do ourselves a disservice if we don't spend
considerable time trying to improve those things we struggle with. It's no
secret among my various circles that my weak area in penetration testing is web
applications. I find them challenging more or less because I lack a complete
interest in pentesting websites.
https://medium.com/cybersecpadawan/elearnsecurity-ewpt-certification-b7592bfc70af

Hacking MS-SQL - From SQLi to Server Administrator
In this video we conduct initial scanning and enumeration on a Windows Server,
discover a SQL injection vulnerability in a website, exploit it, and gain
acce...
https://www.youtube.com/watch?v=-hR9h3erNEU&lc=UgzJ73twlwT2LTyQC_14AaABAg

Pentester Academy Certified Red Team Professional (CRTP) Review
Early this year I purchased and completed Pentester Academy's Attacking and
Defending Active Directory course. The coursework prepares the student to take
the Certified Red Team Professional exam, which is a comprehensive, multi-domain
challenge consisting of multiple machines to exploit across a forest trust.
https://medium.com/cybersecpadawan/pentester-academy-certified-red-team-professional-crtp-review-a91b05367bcf

Relevant Walkthrough - TryHackMe
Please consider supporting me on Patreon at https://www.patreon.com/themayor
The video walkthrough for Relevant on TryHackMe. I created Relevant to show
that...
https://youtu.be/VfadeHqnuZc

Integration Partners discovers Zero-Day vulnerability in Web Application |
Integration Partners | Lexington, MA
Zero-Day vulnerability discovered by Joe Helle, Security Engineer at
Integration Partners
On November 8th, 2020 our newest Security Engineer, Joe Helle, was issued a
CVE (Common Vulnerability and Exposures) number for a Zero-Day Reflected
Cross-Site Scripting vulnerability in a...
https://integrationpartners.com/blog/integration-partners-discovers-zero-day-vulnerability-web-application/





