Henrik Falk July 17, 2025
Getting Started with NetExec: Streamlining Network Discovery and Access
One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.
www.blackhillsinfosec.com/getting-started-with-netexec
Weaponizing Windows Drivers: A Hacker's Guide for Beginners
This article marks the beginning of a four-part playbook designed to guide readers through the process of reverse engineering and exploiting Windows drivers. Starting with static analysis, we will identify vulnerabilities, develop a working exploit, and ultimately demonstrate how such drivers can be weaponized.
www.securityjoes.com/post/weaponizing-windows-drivers-a-hacker-s-guide-for-beginners
Your Browser Is Now Your Enemy: Delivering PHP RCE to Your Local Servers
This article demonstrates how attackers can chain Orange Tsai's CVE-2024-4577 with DNS rebinding to achieve remote code execution on internal network infrastructure directly through the victim’s web browser. By bypassing Same-Origin Policy (SOP) and exploiting vulnerable PHP-CGI instances running on local XAMPP servers, internal development environments, or corporate networks, this attack enables full code execution on systems never intended to be exposed to the internet.
www.hackandhide.com/your-browser-is-now-your-enemy-delivering-php-rce-to-your-local-servers
