Posts

Showing posts from January, 2026

GitLab Security: A Comprehensive Guide for Pentesters and Red Teams (Updated 2026)

Updated: January 2026 | Author: Security Research Team

GitLab, Penetration Testing, Red Team, CVE-2023-7028, Bug Bounty

📑 Table of Contents: CVE-2023-7028: Critical Account Takeover; Recent GitLab Vulnerabilities (2024-2025); Bug Bounty Program Insights; Red Teaming Techniques; GitLab Runner Hijacking; CI/CD Secrets Extraction; Conclusion

Introduction

GitLab has become a critical component of modern software development infrastructure, serving as a comprehensive DevSecOps platform for millions of organizations worldwide. However, with great power comes great responsibility—and significant security challenges. This comprehensive guide explores the latest vulnerabilities, exploitation techniques, and red teaming methodologies specifically tailored for GitLab environments. Whe...

Palo Alto GlobalProtect SSL VPN: Comprehensive CVE and Vulnerability Analysis

Author: Snr Penetration Tester | Security Research
Published: January 13, 2026
Classification: Security Research & Penetration Testing Guide
Audience: Security Professionals, Penetration Testers, Red Team Operators

📑 Table of Contents: Executive Summary; Critical CVEs and Vulnerabilities; Configuration File and Credential Exposure; XSS and SQL Injection Vulnerabilities; Default Credentials; Palo Alto Expedition Vulnerabilities; Backdoor Analysis; Penetration Testing Checklist; Red Team Operational Tips; Burp Suite PoC Examples; Mitigation and Hardening; References

📋 Executive Summary

Palo Alto Networks GlobalProtect SSL VPN and ...

Windows Cheatsheets

Windows Cheatsheets Comprehensive Windows Cheatsheets An updated and improved collection of Windows command-line and PowerShell cheatsheets, originally from the r1cksec/cheatsheets repository. Table of Contents Active Directory Azure & Cloud Command Line Tools Email & Collaboration Group Policy IIS & Web Monitoring & Analysis Network & DNS Persistence & Startup PowerShell Security & Exploitation Security Descriptors Utilities & Tools Active Directory aadinternals ### Source https://github.com/Gerenios/AADInternals ### Install and Import ``` Install-Module AADInternals Import-Module AADInternals.psd1 ``` ### Gather informations from AzureAD ``` Invoke-AADIntReconAsOutsider -DomainName <tenant>.onmicrosoft.com ``` ### Read local config ``` Get-AADIntConfiguration ``` # Set user-agent in local config ``` Set-AADIntSetting -Setting ...