Click-to-Compromise: From ClickFix to full compromise featuring Windows Defender bypass, C2 connection and persistence

This article is a deep dive into the Click-to-Compromise technique: a minimal-interaction, post-phishing attack chain that transitions from a single PowerShell command into full system compromise. ...

Apr 18, 2025 Research

PwnPress Framework is here, time to ditch WPScan (and my WPyScan)

PwnPress Framework is a powerful and automated WordPress vulnerability scanner - the exploitation tool part stills under development and looking for colaborators. It can scan WordPress site...

Mar 21, 2025 Tools

Raven 1 Walkthrough

Today I’m hacking into Raven 1. This VM is a WordPress website that we will be taking over through MySQL. Methodology Reconnaissance Enumeration Exploitation Gaining admin acces...

Jan 23, 2024 Walkthroughs

WPyScan: My FREE, UNLIMITED version of WPScan, now released

A tool developed in Python for enumerating and scanning WordPress websites. It is an easy-to-use tool that can be run from the command line. WPyScan can enumerate and find any vulnerability associa...

Jan 14, 2024 Tools, WPyScan

Enterprise Hacking Part #0: AD and Windows Exploitation Theory

PART 1/5 The next 5 posts will correspond to Week 9 and Week 10 of the OSCP Series. In the realm of cybersecurity, understanding the intricate dance between Active Directory (AD) and Window...

Jan 5, 2024 OSCP, Active Directory