MITRE ATTACK Initial Access: Hands-On Purple Team Test Plan 文章介绍了MITRE ATT&CK初始访问技术TA0001的多种攻击手法及其对应的Caldera测试计划，包括恶意内容注入、钓鱼攻击、供应链妥协等，并提供了检测和修复建议，帮助提升企业安全防护能力。... 2025-6-12 17:17:0 | 阅读: 20 | 收藏 | Hacking Dream - www.hackingdream.net rogue attacker ssh victim enforce

Revolutionize XSS Detection: Fine-Tune Your Own AI XSS Hunter with Unsloth & LLMs (Llama 3, Gemma, etc.) 文章介绍了一种通过微调大型语言模型（LLM）来检测跨站脚本攻击（XSS）的方法。利用Unsloth库优化训练过程，结合自定义数据集和指令式学习策略，提升模型对复杂XSS漏洞的识别精度。文章详细讲解了从环境配置到模型训练、测试及部署的完整流程，并提供了代码示例和实用建议。... 2025-6-4 20:27:0 | 阅读: 23 | 收藏 | Hacking Dream - www.hackingdream.net unsloth tuning tokenizer hugging colab

Setting Up MITRE CALDERA with Atomic, EMU & SSL 文章介绍如何通过Docker构建并运行MITRE CALDERA实例，包含Atomic和EMU插件，并通过HAProxy配置自签名SSL证书实现HTTPS访问。... 2025-5-28 15:25:0 | 阅读: 36 | 收藏 | Hacking Dream - www.hackingdream.net caldera haproxy 8443 emu nano

Abusing GMSA Permissions - What You Need to Know as a Pentester Group Managed Service Accounts (gMSAs) 简化了跨域服务的密码管理，但配置不当会引发横向移动、权限提升等安全风险。攻击者可利用写入权限修改 gMSA 属性以获取密码并伪装身份。工具如 BloodHound 和 PowerShell 脚本可用于检测潜在风险，并通过枚举 ACL 和滥用 gMSA 权限实现攻击目标。... 2025-4-12 08:5:0 | 阅读: 11 | 收藏 | Hacking Dream - www.hackingdream.net gmsa victim gmsas

IPv6 DNS Takeover - Attacking & Exploitation IPV6 Windows默认启用IPv6可能导致DNS欺骗攻击。攻击者通过伪造DNS服务器截获NTLM哈希，并利用mitm6和ntlmrelayx工具进行认证relay，最终获取网络控制权。... 2025-3-16 21:18:0 | 阅读: 26 | 收藏 | Hacking Dream - www.hackingdream.net attacker wpad windows machine mitm6

Understanding Kerberos Authentication and its Attacks Kerberos is a widely used authentication protocol that ensures secure identity verification within... 2025-3-5 20:52:0 | 阅读: 28 | 收藏 | Hacking Dream - www.hackingdream.net delegation silver attacker dcshadow

Postgres Pentest Cheatsheet - Port 5432 文章介绍了PostgreSQL的安全性问题及攻击方法，包括漏洞扫描、暴力破解凭据、权限提升以及通过SQL命令读取和写入文件的技术。... 2025-2-14 16:46:0 | 阅读: 14 | 收藏 | Hacking Dream - www.hackingdream.net pg database php username passwd

Ldap Penetration Testing Cheatsheet - Port 389,636 这篇文章介绍了LDAP的基本操作和安全测试方法。内容包括使用Nmap扫描端口（如389, 636）探测服务、通过ldeep和ldapsearch工具匿名或认证导出数据，并展示了如何利用JXplorer访问服务及进行盲注攻击。此外，还涉及了 posixAccount 等 LDAP对象类及其相关属性。... 2025-2-8 16:24:0 | 阅读: 25 | 收藏 | Hacking Dream - www.hackingdream.net objectclass ldapsearch lll youruser

Running DeepSeek AI Locally on your PC/Laptop DeepSeek, a groundbreaking Chinese artificial intelligence (AI) company founded in 2023 by Liang We... 2025-1-28 16:1:0 | 阅读: 28 | 收藏 | Hacking Dream - www.hackingdream.net deepseek ollama windows distill llm

Android APK Penetration Testing Cheatsheet & Guide Explore a step-by-step guide to Android APK penetration testing! This blog covers essential techniq... 2025-1-25 13:12:0 | 阅读: 27 | 收藏 | Hacking Dream - www.hackingdream.net apk drozer mobsf diva jakhar

Understanding PE Headers: A Complete Guide to the Windows Portable Executable Format IntroductionThe Portable Executable (PE) format is an essential structure for Windows binaries such... 2025-1-4 20:0:0 | 阅读: 36 | 收藏 | Hacking Dream - www.hackingdream.net scn initialized memory virtualsize

Jenkins Penetration Test Cheatsheet Setting up Test Environment sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ https://pkg.... 2024-12-23 13:27:0 | 阅读: 20 | 收藏 | Hacking Dream - www.hackingdream.net jenkins jaf bhanu python crumb

[Updated 8th May 2024]Solo Leveling Arise Redeem Codes Free Need a Power-Up in Solo Leveling: Arise? Unlock Free Rewards with These Codes Want to level up your... 2024-5-9 02:9:0 | 阅读: 28 | 收藏 | Hacking Dream - www.hackingdream.net leveling solo arise redeem webtoon

Wordpress Penetration Testing Find Wordpress Applications and Run WPScanwget https://raw.githubusercontent.com/Bhanunamikaze/Pe... 2024-4-11 17:7:0 | 阅读: 22 | 收藏 | Hacking Dream - www.hackingdream.net wordpress wpscan somename reverse php

The Art of Social Engineering: Manipulating Individuals into Revealing Confidential Information Social engineering is a growing threat to businesses, as manipulators use psychological manipulati... 2024-2-22 13:0:0 | 阅读: 30 | 收藏 | Hacking Dream - www.hackingdream.net security divulging revealing texts

Six Crucial Cybersecurity Principles and the One to Avoid: A Comprehensive Guide Cybersecurity is a critical aspect of any organization's infrastructure, as it helps protect sensi... 2024-2-21 22:2:0 | 阅读: 31 | 收藏 | Hacking Dream - www.hackingdream.net security threats principle secrecy

Understanding Cryptography Basics - Symmetric vs. Asymmetric In today's digital world, data security is a top priority for individuals and organizations alike.... 2024-2-20 11:0:0 | 阅读: 16 | 收藏 | Hacking Dream - www.hackingdream.net encryption asymmetric symmetric security parties

Role of Artificial Intelligence in Cybersecurity In today's digital age, cybersecurity is more important than ever. As technology advances, the need... 2024-2-19 11:30:0 | 阅读: 34 | 收藏 | Hacking Dream - www.hackingdream.net threats ethical security identify

The Future of Work: How Automation and AI Will Impact Jobs As technology continues to advance, the future of work is becoming increasingly uncertain. While so... 2024-2-18 04:30:0 | 阅读: 22 | 收藏 | Hacking Dream - www.hackingdream.net aoe agi exposure accounting

AI Predictions for 2024: Synthetic Data, Multimodal Models, Security Challenges, and More As we enter 2024, the field of artificial intelligence (AI) is rapidly advancing. In this blog post... 2024-2-17 23:30:0 | 阅读: 39 | 收藏 | Hacking Dream - www.hackingdream.net crucial multimodal gpt security misleading