secybr | penetration testing, red teaming and hack tricks.

https://secybr.com/secybr | penetration testing, red teaming and hack tricks.penetration testing, red teaming and hack tricks. 2025-08-26T23:41:36+03:00 0xhav0c https://secybr.com/ Jekyll © 2025 0xhav0c /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png HTB Certified Active Directory Pentesting Expert (CAPE) - How to Pass2025-08-23T12:00:00+03:00 2025-08-23T12:00:00+03:00 https://secybr.com/posts/htb-certified-active-directory-pentesting-expert-cape-review/ 0xhav0c

Those of you who read my “Certified Red Team Professional (CRTP) - How to Pass” article will remember that at the end of it, I set myself a new goal and said, “the next fortress to conquer will be the HTB Certified Active Directory Pentesting Expert (CAPE).” That day has come, and I’m here to happily announce that I have conquered that fortress! In this article, I will dive deep into this ch...

Certified Red Team Professional (CRTP) - How to Pass2025-03-27T00:00:00+03:00 2025-03-27T00:00:00+03:00 https://secybr.com/posts/certified-red-team-professional-CRTP-review/ 0xhav0c

Certified Red Team Professional (CRTP) - How to Pass I won’t go into detail about what CRTP is or who it’s suitable for. If you’re aiming for this certification, you already know the basics. If you want to get to the most critical information quickly, the TL;DR section below is for you! TL;DR Who is it suitable for: A great introductory certification for those looking to step into the Red...

Dumping LSASS Without Mimikatz2022-12-08T00:00:00+03:00 2022-12-08T15:05:37+03:00 https://secybr.com/posts/dumping-lsass-without-mimikatz/ 0xhav0c

Mimikatz is a tool for dumping credentials from memory in Windows. It is a great tool for lateral and vertical privilege escalation in Windows Active Directory environments. Due to its popularity, the Mimikatz executable and PowerShell script are detected by most of the Antivirus (AV) solutions out there. In this article, I will talk about using several alternative methods to achieve the same g...

Collecting Target Email Addresses2022-12-07T00:00:00+03:00 2022-12-08T16:57:53+03:00 https://secybr.com/posts/collecting-target-email-address/ 0xhav0c

app.snov.io Collecting email address from company name Free & Premium Features. Creating Mail Address List From Name and Surname metricsparrow.com Creating email address from Name & Surname (Like bruteforce with wordlist) Verification Mail Address Verification with this python script : github.com/0xhav0c/valid-email-scanner You can use the following online applications to determi...

Evasion Tactics For Scanning Targets (Active Scan)2022-12-06T00:00:00+03:00 2022-12-08T16:33:07+03:00 https://secybr.com/posts/evasion-tactics-for-scanning-targets/ 0xhav0c

IDS / IPS Firewall Detection Techniques Sending Bad Checksums TCP ACK Scan (-sA) Sending Bad Checksums nmap --badsum <target IP> (–badsum is used to send the packets with bad or bogus TCP/UDP checksums to the intended target to avoid certain firewall rulesets) The scan result shows all ports are filtered, indicating that there is no response or the packets are dropped, and thus ...