What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2024-01-05 16:28:04 The SOCKS We Have at Home (direct link) Introduction When performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our attacking system is connected to. This is often the case when searching for things such as PCI data. We may have 'owned' the network, we may have gotten 'DA', but we... Read More ★★
Blog.webp 2023-04-04 08:02:16 Bypassing Amazon Kids+ Parental Controls (direct link) Recently for Christmas my 4 year old daughter got an Amazon Kids tablet. So far the tablet has been great and Kids+ seems like a pretty decent value for what you get. I’m very wary of the types of content available on the internet, and as a parent it’s my duty to ensure that my... Read More ★★★
Blog.webp 2023-02-16 10:09:33 Bypassing Okta MFA Credential Provider for Windows (direct link) I’ll state this upfront, so as not to confuse: This is a POST exploitation technique. This is mostly for when you have already gained admin on the system via other means and want to be able to RDP without needing MFA. Okta MFA Credential Provider for Windows enables strong authentication using MFA with Remote Desktop... Read More ★★★★
Blog.webp 2023-02-01 14:38:56 CactusCon 2023: BloodHound Unleashed (direct link) Here are the slides and video from my 2023 talk at CactusCon. The YouTube video currently is cut-off at the beginning, but if it gets fixed I’ll update with a new link. BloodHound Unleashed.pdf from n00py1 ★★★★★
Blog.webp 2023-01-30 20:36:40 Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit (direct link) Metasploit recently released version 6.3. With it came a whole lot of new features related to LDAP operations and using Kerberos authentication. Metasploit Framework 6.3 is out now🎉 New features include native Kerberos authentication support, streamlined Active Directory attack workflows (AD CS, AD DS), and new modules that request, forge, and convert tickets between formats.... Read More ★★★
Blog.webp 2022-10-16 19:25:19 Practical Attacks against NTLMv1 (direct link) This blog is meant to serve as a guide for practical exploitation of systems that allow for the NTLMv1 authentication protocol. While NTLMv1 is hardly ever needed anymore, a surprising number of organizations still use it, perhaps unknowingly. There are however some VPN products that still currently instruct their users to downgrade NTLM authentication to... Read More ★★★★
Blog.webp 2022-03-11 16:25:43 Password Spraying RapidIdentity Logon Portal (direct link) In the past I had written a quick blog post on password spraying Dell SonicWALL Virtual Office. While it wasn’t all that exciting of a post, a number of people did find it useful and having a blog for it helped people find it more easily than only being in a random Github repo or... Read More ★★★★
Blog.webp 2022-03-08 11:15:46 Manipulating User Passwords Without Mimikatz (direct link) There are two common reasons you may want to change a user's password during a penetration test: You have their NT hash but not their plaintext password. Changing their password to a known plaintext value can allow you to access services in which Pass-the-Hash is not an option. You don't have their NT hash or... Read More ★★★★
Blog.webp 2022-01-29 15:28:48 Unauthenticated Dumping of Usernames via Cisco Unified Call Manager (CUCM) (direct link) This blog is about something I found recently regarding Cisco Unified Call Manager (CUCM). While playing around with SeeYouCM Thief, which is designed to download and parse configuration files from Cisco phone systems, I noticed something interesting within a configuration file. There was an XML element in the configuration files named <secureUDSUsersAccessURL>. The value pointed to... Read More ★★★★
Blog.webp 2022-01-19 13:50:28 Adding DCSync Permissions from Linux (direct link) Recently I came upon an attack path in BloodHound that looked like this: I had control of a computer object (an Exchange server) that effectively had WriteDacl over the domain. I had a few constraints as well: All systems were configured with EDR I only had the AES key of the computer account, not the... Read More ★★★★
Blog.webp 2021-09-22 10:54:26 Resetting an Expired Password Remotely (direct link) I’ve often found that while performing password guessing on a network, I’ll find valid credentials, but the password will be expired. This presents a challenge, because the credentials are of limited use until they are reset. Throughout my testing I’ve found multiple ways to reset the passwords, however each contain some caveats. I’ve tested... Read More ★★★★
Blog.webp 2021-05-16 20:17:12 Dumping Plaintext RDP credentials from svchost.exe (direct link) Recently I was browsing Twitter and came across a very interesting tweet: Umm- why can I find the password I used to connect to a remote desktop service in cleartext in memory of RDP service? First saw my microsoft accounts pwd- made new local account- same thing. For this user its: wtfmsnotcool pic.twitter.com/lRMhDCMJkH — Jonas... Read More ★★★★
Blog.webp 2020-12-31 10:52:52 The Dangers of Endpoint Discovery in VIPRE Endpoint Security (direct link) This post documents a security misconfiguration I observed in VIPRE Endpoint Security with Endpoint Discovery. A few years ago, I published a blog post titled The Dangers of Client Probing on Palo Alto Firewalls, which detailed how the client probing feature on Palo Alto firewalls can leak service account password hashes. This issue is very similar... Read More ★★★★
Blog.webp 2020-12-19 15:07:08 Dumping LAPS Passwords from Linux (direct link) Following my previous posts on Managing Active Directory groups from Linux and Alternative ways to Pass the Hash (PtH), I want to cover ways to perform certain attacks or post-exploitation actions from Linux. I’ve found that there are two parallel ways to operate on an internal network, one being through a compromised (typically Windows) host,... Read More ★★★★
Blog.webp 2020-12-13 15:33:17 Alternative ways to Pass the Hash (PtH) (direct link) Do you remember the first time you passed the hash? It probably went a little something like this: If you are unfamiliar, that is the Metasploit PSexec module being used. Well, nowadays we don’t really do that anymore. You probably pass the hash something like this: That is CrackMapExec being used to pass... Read More ★★★★
Last update at: 2024-05-08 10:08:34