The Ghost in the Machine: Using xfreerdp and Pass-the-Hash for RDP

A deep-dive into the technical requirements and execution of Pass-the-Hash for Remote Desktop Protocol (RDP). Learn the correct xfreerdp syntax, how to enable Restricted Admin Mode remotely, troubleshoot NLA errors, and understand the forensic “Type 3” logon anomaly.

February 16, 2023 · 5 min · UncleSp1d3r

Mastering the Maze: Advanced Tunneling and Port Redirection for Red Teamers

A deep-dive guide into advanced network tunneling techniques. Learn to combine iptables, SSH (Local, Remote, Dynamic, and Reverse Dynamic), Windows netsh, and socat to bypass firewalls, pivot through sophisticated network segments, and maintain a low profile during engagements. Now covers modern tools like Chisel and Ligolo-ng.

February 15, 2023 · 6 min · UncleSp1d3r

Master the Database - Exploiting Microsoft SQL Server with Impacket

A comprehensive guide for red teamers on using Impacket’s mssqlclient.py to discover, authenticate, and exploit Microsoft SQL Server instances. Learn to achieve RCE via xp_cmdshell and OLE Automation, steal hashes via UNC path coercion (xp_dirtree), abuse linked servers, and extract sensitive data stealthily.

February 14, 2023 · 6 min · UncleSp1d3r

Master SMB Operations - Using Impacket to Conquer Windows Shares

A massive, comprehensive deep-dive into leveraging Impacket’s powerful SMB tools for offensive operations. Learn how to access shares using smbclient.py, host malicious shares with smbserver.py, perform high-impact NTLM relaying, dump domain secrets with secretsdump.py, and troubleshoot protocol hurdles.

February 12, 2023 · 7 min · UncleSp1d3r

Basic Introduction to smbclient - The Red Teamer's Swiss Army Knife for SMB

A massive, comprehensive deep-dive into smbclient, covering SMB architecture, essential enumeration techniques, data exfiltration, Pass-the-Hash, advanced automation, and forensic considerations for red team operations.

February 10, 2023 · 10 min · UncleSp1d3r

Ruby Programming Language - The Red Teamer's Elegant Powerhouse

A massive, comprehensive deep-dive into the Ruby programming language for security professionals. Explore elegant syntax, advanced object-oriented patterns, metaprogramming, and specialized applications in offensive security, from packet manipulation to Metasploit automation.

February 9, 2023 · 17 min · UncleSp1d3r

SSH Multiplexing and Master Control Sockets: An Advanced Red Teamer's Guide

An in-depth guide to SSH multiplexing and master control sockets for Red Team operations. Learn to reuse a single TCP connection for multiple sessions, reduce overhead, manage connection churn, and understand the risks of socket hijacking.

February 9, 2023 · 7 min · UncleSp1d3r

Disable Shell History Safely - Advanced OpSec for Linux Operations

Master the art of flight without leaving a footprint. A comprehensive guide to disabling shell history, managing operational hygiene, and understanding the forensic limits of these techniques across Bash, Zsh, Fish, and PowerShell on Linux.

February 8, 2023 · 8 min · UncleSp1d3r

Alternate Data Streams on Windows NTFS: A Red Team's Guide to Hiding and Detecting Hidden Data

This article explores how Red Team members can utilize alternate data streams on Windows NTFS to hide data, with specific examples and cautionary considerations.

February 7, 2023 · 4 min · UncleSp1d3r

Port Scanning on Linux and Windows - The Ultimate Guide

A comprehensive guide to mastering port scanning on both Linux and Windows, covering standard tools like Nmap and Masscan, stealthy built-in techniques, and modern PowerShell-based enumeration.

February 5, 2023 · 6 min · UncleSp1d3r