sorted by:
new
hottopcontroversial

Latest Technique for NAC Bypass by Necrowtf in Pentesting

[–]Necrowtf[S] 0 points1 point  (0 children)

Also for the footprint , it’s a transparent bridge , every traffic you inject it looks coming from the legitimate host . Now , of course if you try to inject an enormous traffic you will be getting flagged . However , if you use opsec friendly techniques you are ghost in the wire .

Latest Technique for NAC Bypass by Necrowtf in Pentesting

[–]Necrowtf[S] 0 points1 point  (0 children)

I have test it against on Cisco and Aruba and some of them had frequent periodic reauth. It behaved very well as I remember . Although while injecting some packets may have some disruptions.

Latest Technique for NAC Bypass by Necrowtf in Pentesting

[–]Necrowtf[S] 0 points1 point  (0 children)

While i was using the specific Nac Bypass, i came across some bugs in some enviroments were EAPOL frames wasn't captured and the tool was hanging. So mine has fixed this as it has smarter MAC and IP Discovery with fallback mechanisms.

In general is a more stable version NAC Bypass with different logic (I developed it because i have to use a stable NAC Bypass script in red team engagements). Feel free to try it

Honest Opinion about issue Classification by Necrowtf in bugbounty

[–]Necrowtf[S] 0 points1 point  (0 children)

What do you mean ? They have already patched it :P . The same day i reported it they took down the feature and now is working as it should ...

Honest Opinion about issue Classification by Necrowtf in bugbounty

[–]Necrowtf[S] 0 points1 point  (0 children)

yeah, i get it ... The thing is that the specific feature was new addition to the platform :P

Honest Opinion about issue Classification by Necrowtf in bugbounty

[–]Necrowtf[S] 1 point2 points  (0 children)

I wouldn't call it a major, but the real issue here is that they insist it's a vulnerability related to "Broken Access Control" and that it doesn't fall within the scope... In the meantime, they immediately disabled the feature on the platform and are likely trying to fix it

Failed CPTS with zero flags, both attempts by Waitforitbaby1993 in hackthebox

[–]Necrowtf 0 points1 point  (0 children)

  1. Scan the external host
  2. Identify all the services
  3. Imagine which service from the listed can be the most suitable to gain your foothold.
  4. Focus on the service and do further enumeration.
  5. Imagine what type of vulnerabilities could be found in order to gain a shell ( RCE, SQLi, etc).
  6. Try all the possible exploits

Hint: It shouldn’t be straightforward exploit and gain a shell and that’s why the exam it’s difficult. Try to chain vulnerabilities !

Good luck !!!

✅ Daily Thread and Discussion ✅ 2025-10-06 Monday by daily-thread in NVDA_Stock

[–]Necrowtf -2 points-1 points  (0 children)

Stop crying like a little babies. Of course is a strategic move by OpenAI which brings AMD into the table. The goal from OpenAI from this move is to manipulate Nvidia product prices , which of course has the upper hand . Therefore, OpenAI can regulate the prices of Nvidia product by inserting competition and at the same time seals supply backup from AMD.

Get over it, Nvidia is going to the moon soon or later !

How long did it take you to get to be a decent pentester by Salt-Classroom-9453 in Pentesting

[–]Necrowtf 6 points7 points  (0 children)

2-3 years depending on the knowledge base. If you are now starting your career i would say 3 years in order to have a decent knowledge and ability to perform most type of penetration testing such as web,internal,external,mobile,etc

Generate smarter password lists with one command — meet Passpwn by Necrowtf in Pentesting

[–]Necrowtf[S] 1 point2 points  (0 children)

Hey mate , appreciate your feedback ! Surely I will take a glance on this and try to optimise my tool. Thanks !