What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2020-06-08 09:51:08 Domain Persistence: DC Shadow Attack (lien direct) In this post, we are going to discuss the most dynamic attack on AD named as DC Shadow attack. It is part of Persistence which create rogue Domain controller in the network. This attack is an actual threat because of This attack leverage into another dynamic attack such as  DCSync Attack and Golden ticket Attack.... Continue reading → Threat
Blog.webp 2020-06-06 15:14:43 Domain Persistence AdminSDHolder (lien direct) In this post, we will discuss the Persistence attack on Active Directory by abusing AdminSDHolder. This attack is an actual threat because of This attack leverage into another dynamic attack such as  DCSync Attack and Golden ticket Attack. AdminSDHolder Active Directory Domain Services uses AdminSDHolder, protected groups and Security Descriptor propagator (SD propagator or SDPROP... Continue reading → Threat
Blog.webp 2020-06-06 10:44:18 Seppuku:1 Vulnhub Walkthrough (lien direct) Today we are going to crack this machine called “Seppuku:1”. It is available on Vulnhub for the purpose of Penetration Testing practices. It was an intermediate box which made me learn many new things. This credit of making this lab goes to SunCSR Team. Let's start and learn how to successfully breach it. Level:  Intermediate... Continue reading →
Blog.webp 2020-06-06 10:04:09 (Déjà vu) LemonSqueezy:1 Vulnhub Walkthrough (lien direct) Today we are going to solve another boot2root challenge called “LemonSqueezy:1”. It is available on Vulnhub for the purpose of Penetration Testing practices. This lab is not that difficult if we have the proper basic knowledge of cracking the labs. This credit of making this lab goes to James Hay. Let's start and learn how... Continue reading →
Blog.webp 2020-06-01 11:18:02 (Déjà vu) Victim:1 Vulnhub Walkthrough (lien direct) Today we are going to solve another boot2root challenge called “Victim:1”. It is available on Vulnhub for the purpose of Penetration Testing practices. This lab is not that difficult if we have the proper basic knowledge of cracking the labs. This credit of making this lab goes to iamv1nc3nt. Let's start and learn how to... Continue reading →
Blog.webp 2020-05-31 08:32:33 Credential Dumping: LAPS (lien direct) In this post, you will find out how Microsoft’s LAPS feature can be abused by the attacker in order to get the end-user password. Table of Content Local Administrator Password Solution LAPS Attack Walkthrough Configuration Metasploit Empire The “Local Administrator Password Solution” (LAPS) provides management of local account passwords of domain-joined computers. Passwords are stored... Continue reading →
Blog.webp 2020-05-29 19:43:49 (Déjà vu) Sumo: 1 Vulnhub Walkthrough (lien direct) Today, I am going to share a writeup for the boot2root challenge of the Vulnhub machine “Zion: 1.1”. It was an intermediate box based on the Linux machine. The goal for this machine is to read the flag file Penetration Testing Methodology Network Scanning Netdiscover scan Nmap Scan Enumeration Enumerating HTTP service on Browser Enumerating... Continue reading →
Blog.webp 2020-05-27 22:12:39 Zion: 1.1 Vulnhub Walkthrough (lien direct) Today, I am going to share a writeup for the boot2root challenge of the Vulnhub machine “Zion: 1.1”. It was actually an intermediate box based on the Linux machine. The goal for this machine is to read the flag.txt file. Penetration Testing Methodology Network Scanning Netdiscover scan Nmap Scan Enumeration Enumerating HTTP service on Browser... Continue reading →
Blog.webp 2020-05-27 13:12:22 Lateral Movement: Pass the Ticket Attack (lien direct) After working on Pass the Hash attack and Over the pass attack, it's time to focus on a similar kind of attack called Pass the Ticket attack. It is very effective and it punishes too if ignored. Let's look into it. Table of Content Introduction Configurations used in Practical Working Pass-the- Hash v/s Pass-the-Ticket Pass-the-Ticket... Continue reading →
Blog.webp 2020-05-26 18:24:37 Credential Dumping: DCSync Attack (lien direct) Most organisations need more than one domain controller for their Active Directory, and to maintain consistency among multiple domain controllers, it is necessary to have the Active Directory objects replicated through those DCs with the help of MS-DRSR, referred to as the Microsoft feature Directory Replication Service (DRS) Remote Protocol, that is used to... Continue reading →
Blog.webp 2020-05-26 15:06:32 DevRandom CTF:1.1 Vulnhub Walkthrough (lien direct) Today we are going to solve another boot2root challenge called “DevRandom CTF:1.1”. It is available on Vulnhub for the purpose of Penetration Testing practices. This lab is not that difficult if we have the proper basic knowledge of cracking the labs. This credit of making this lab goes to Hunri Beats. Let's start and learn... Continue reading →
Blog.webp 2020-05-25 09:11:23 Abusing Microsoft Outlook 365 to Capture NTLM (lien direct) In this post we will discuss “How the attacker uses Microsoft Office for a phishing attack to get the NTLM hashes from Windows.” Since we all know that Microsoft Office applications like Word, PowerPoint, Excel and Outlook are the most reliable resource for any organization, and an attacker takes advantage of this reliance... Continue reading →
Blog.webp 2020-05-25 07:55:13 Lateral Movement: Pass the Cache (lien direct) In this post, we’ll discuss how an attacker uses the ccache file to compromise Kerberos authentication to access the application server without using a password. This attack is known as Pass the ccache (Ptc). Table of Content Credential Cache Ccache Types Walkthrough Pass the Ccache attack Method 1: Mimikatz Method 2: KRB5CCNAME Credential Cache A credential... Continue reading →
Blog.webp 2020-05-21 19:15:52 mhz_cxf: c1f Vulnhub Walkthrough (lien direct) CTF's are a great way to sharpen your axe. As a security enthusiast, this is probably the best way to get some hands-on practice that lends perspective as to how an adversary will exploit a vulnerability and how as an infosec professional we will eliminate that risk or guard against it. This is a very... Continue reading → Vulnerability ★★★★
Blog.webp 2020-05-21 18:39:39 CengBox: 1 Vulnhub Walkthrough (lien direct) Today, I am going to share a writeup for the boot2root challenge of the vulnhub machine “Cengbox:1”. It was an easy box based on the Linux machine which helped me learn many new things. The goal is to find the user and root flag. Penetration Testing Methodology Reconnaissance Netdiscover Nmap Dirb Exploitation SQLmap File Upload... Continue reading →
Blog.webp 2020-05-21 10:17:44 TBBT2: Vulnhub Walkthrough (lien direct) TBBT2 is made by emaragkos. This boot2root machine is part of the TBBT Fun with Flags series and it is themed after the famous TV show, The Big Bang Theory and has really strong CTF elements. It’s more like solving a set of interesting CTF challenges as a puzzle than facing these in a real-life... Continue reading →
Blog.webp 2020-05-21 07:27:37 Comprehensive Guide on Password Spraying Attack (lien direct) Today we deal with the technique that at first sounds very much similar to Bruteforcing but trust me, it is not brute-force. It is Password Spraying. We will understand the difference between the two and shine some light on real-life scenarios as well. Then we will discover multiple tools through which we can perform Password... Continue reading →
Blog.webp 2020-05-19 06:08:46 Geisha:1: Vulnhub Walkthrough (lien direct) Today, I am going to share a writeup for the boot2root challenge of the vulnhub machine “GEISHA”. It was actually an easy box based on the Linux machine and the goal is to get the root shell and then obtain the flag under /root. Download it from here: https://www.vulnhub.com/entry/geisha-1,481/ Table of Content Recon Netdiscover Nmap Exploitation... Continue reading →
Blog.webp 2020-05-18 06:03:17 Persistence: Accessibility Features (lien direct) Today we are going to shed some light on a very sticky persistence method. It is so sticky that it has been there for a long time and it is here to stick. This was the last of my puns. You might have guessed it until now. It is a Sticky Keys. Let's dive in.... Continue reading →
Blog.webp 2020-05-17 19:10:55 Katana: Vulnhub Walkthrough (lien direct) Katana VM is made by SunCSR Team. This VM is a purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. It is of intermediate level and is very handy in order to brush up your skills as a penetration tester. The ultimate goal of this challenge is to... Continue reading →
Blog.webp 2020-05-14 17:49:17 Lateral Movement: Over Pass the Hash (lien direct) In this post, we’re going to talk about Over Pass the hash that added another step in passing the hash. Pass the hash is an attack that allows an intruder to authenticate as a user without having access to the user's password. This is a technique where an attacker uses the NTLM hashes for authentication... Continue reading →
Blog.webp 2020-05-14 14:36:54 Lateral Movement: Pass the Hash Attack (lien direct) If you have been in the Information Security domain anytime in the last 20 years, you may have heard about Pass-the-Hash or PtH attack. It is very effective and it punishes very hard if ignored. This was so effective that it led Microsoft Windows to make huge changes in the way they store credentials and... Continue reading →
Blog.webp 2020-05-13 18:56:55 Hack the Box: Open Admin Box Walkthrough (lien direct) Today, I am going to share a writeup for the boot2root challenge of the Hack the Box machine “OPENADMIN” which is a retired machine. It was actually an easy box based on the Linux machine and recently I have owned this system and got many new things to learn. Table of Content Recon Nmap Dirb... Continue reading → Hack
Blog.webp 2020-05-10 15:33:00 AS-REP Roasting (lien direct) In our previous articles, we have discussed “Golden ticket Attack”, “Kerberoast” and “Kerberos Brute Force”, multiple methods to abuse Kerberos, which is a ticketing protocol. Today we are going to discuss one more technique, “AS-REP Roasting”, which is used for the Kerberos attack. Tools Required Rubeus.exe ASREPRoast PowerShell Script Impacket AS-REP Roasting AS-REP roasting is... Continue reading →
Blog.webp 2020-05-07 14:05:35 Lateral Moment on Active Directory: CrackMapExec (lien direct) In this article, we learn to use crackmapexec. This tool is developed by byt3bl33d3r. I have used this tool many times for both offensive and defensive techniques. And with my experience from this tool, I can say that the tool is so amazing that one can use it for situational awareness as well as lateral... Continue reading → Tool
Blog.webp 2020-05-07 08:01:09 Impacket Guide: SMB/MSRPC (lien direct) There have been many Red Team scenarios, Capture the Flag challenges where we face the Windows Server. After exploiting and getting the initial foothold in the server, it is tough to extract the data and as well as there are scenarios where we couldn't get onto the server per se. But using the SMB, we... Continue reading →
Blog.webp 2020-05-05 22:11:51 Deep Dive into Kerberoasting Attack (lien direct) In this article, we will discuss kerberoasting attacks and other multiple methods of abusing Kerberos authentication. But before that, you need to understand how Kerberos authentication works between client-server communication. “Kerberos is for authentication not for authorization, this lacuna allows kerberoasting” Table of Content SECTION A: Kerberos Authentication Flow Kerberos & its Major Components Kerberos Workflow... Continue reading →
Blog.webp 2020-05-03 08:58:00 Lateral Movement: WMI (lien direct) WMI is used for a lot of stuff but it can also be used for Lateral Movement around the network. This can be achieved using the MSI file. Confused? Read along! Table of Content Introduction to WMI Configurations Used in Practical Payload Crafting Payload Transfer Manual WMI Getting the Meterpreter Session Invoke-WmiMethod Getting the Meterpreter... Continue reading →
Blog.webp 2020-04-30 09:52:29 Penetration Testing on VoIP Asterisk Server (Part 2) (lien direct) In the previous article we learned about Enumeration, Information Gathering, Call Spoofing. We introduced a little about the Asterisk Server. This time we will focus more on the Asterisk Manager Interface and some of the commands that can be run on the Asterisk server and we will also look at the AMI Brute force Attack.... Continue reading →
Blog.webp 2020-04-28 11:18:16 Data Exfiltration using DNSSteal (lien direct) In this article, we will comprehend the working of DNSteal with the focus on data exfiltration. You can download this tool from here. Table of Content: Introduction to Data Exfiltration DNS Protocol and its working DNS Data exfiltration and its working Introduction to DNSteal Proof of Concept Detection Mitigation Conclusion Introduction to Data Exfiltration Data... Continue reading → Tool
Blog.webp 2020-04-25 16:03:31 Domain Controller Backdoor: Skeleton Key (lien direct) When the many people around were fighting the good fight for Net Neutrality, talented people over Dell SecureWorks Counter Threat Unit or CTU discovered a malware that can bypass the authentication on Active Directory Systems around the world. This poses a threat to all those systems that have implemented a single-factor authentication. Multiple Factor Authentication... Continue reading → Malware Threat
Blog.webp 2020-04-25 15:08:12 Kerberos Brute Force Attack (lien direct) In the previous article, “Domain Persistence: Golden Ticket Attack”, we explained forging a Kerberos ticket and discussed the Kerberos authentication process and its service components. In this post, we are going to perform a brute force attack on Port 88, which is used for the Kerberos service, for enumerating valid usernames & passwords. Table of... Continue reading →
Blog.webp 2020-04-24 14:30:54 Domain Persistence: Golden Ticket Attack (lien direct) Golden Ticket attack is a famous technique of impersonating users on an AD domain by abusing Kerberos authentication. As we all know, the two famous Windows authentications are NTLM and Kerberos. In this article you will learn why this is known as persistence and how an attacker can exploit the weakness of AD. Table of Content... Continue reading →
Blog.webp 2020-04-24 07:32:10 RDP Session Hijacking with tscon (lien direct) In this article, we will learn to hijack an RDP session using various methods. This is a part of Lateral movement which is a technique that the attacker uses to move through the target environment after gaining access. Table of Content: Introduction to RDP Features of RDP Working of RDP Introduction of tscon Manual Task... Continue reading →
Blog.webp 2020-04-20 14:18:37 Credential Dumping: Clipboard (lien direct) In this article, we learn about online password managers and dumping the credentials from such managers via clipboard. Passwords are not easy to remember, especially when passwords are made up of alphanumeric and special characters. And these days, there are passwords for everything. And keeping the same password for every account is insecure. Therefore, we... Continue reading →
Blog.webp 2020-04-19 09:30:52 (Déjà vu) Windows Persistence using Netsh (lien direct) In this article, we are going to describe the ability of the Netsh process to provide persistent access to the Target Machine. Table of Content Introduction Configurations used in Practical Crafting Payload Payload Transfer Twerking Registry Listener Configuration & Gaining Persistence Detection Mitigation Introduction Netsh is a command-line scripting utility that allows you to, either... Continue reading →
Blog.webp 2020-04-18 17:38:08 Credential Dumping: Local Security Authority (LSA|LSASS.EXE) (lien direct) LSA and LSASS stand for “Local Security Authority” and “Local Security Authority Subsystem (server) Service”, respectively. The Local Security Authority (LSA) is a protected system process that authenticates and logs users on to the local computer. Domain credentials are used by the operating system and authenticated by the Local Security Authority (LSA). The LSA can... Continue reading →
Blog.webp 2020-04-17 06:02:30 Windows Persistence using Bits Job (lien direct) In this article, we are going to describe the ability of the Bits Job process to provide persistent access to the Target Machine. Table of Content Introduction Configurations used in Practical Manual Persistence Metasploit Persistence Metasploit (file-less) Persistence Mitigation Introduction Background Intelligent Transfer Service Admin is a command-line tool that creates downloads or uploads jobs... Continue reading → Tool
Blog.webp 2020-04-14 15:40:38 Credential Dumping: Phishing Windows Credentials (lien direct) This is the ninth article in our series of Credentials Dumping. In this article, we will trigger various scenarios where Windows will ask for the user to perform authentication and retrieve the credentials. For security purposes, Windows make it essential to validate user credentials for various authentications such as Outlook, User Account Control, or to... Continue reading →
Blog.webp 2020-04-13 18:53:49 (Déjà vu) Credential Dumping: NTDS.dit (lien direct) In this article, you will learn how passwords are stored in NTDS.dit file on Windows Server and then we will learn how to dump these credentials hashes from NTDS.dit file. Table of Content Introduction to NTDS NTDS Partitions Database Storage Table Extracting Credential by Exploit NTDS.dit in Multiple Methods FGDump NTDSUtil DSInternals NTDSDumpEx Metasploit NTDS_location NTDS_grabber... Continue reading →
Blog.webp 2020-04-13 07:13:32 Penetration Testing on VoIP Asterisk Server (lien direct) Today we will be learning about VoIP Penetration Testing. This includes enumeration, information gathering, user extension and password enumeration, SIP registration hijacking and spoofing. Table of Content Introduction to VoIP Uses of VoIP SIP Protocol SIP Requests SIP Responses SIP Interaction Structure Real-Time Transport Protocol Configurations Used in Practical Setting Viproy VoIP Kit... Continue reading →
Blog.webp 2020-04-12 12:00:52 Windows Persistence using WinLogon (lien direct) In this article, we are going to describe the ability of the WinLogon process to provide persistent access to the Target Machine. Table of Content Introduction Configurations used in Practical Default Registry Key Values Persistence using WinLogon Using Userinit Key Using the Shell Key Detection Mitigation Introduction The Winlogon process is a very important part... Continue reading →
Blog.webp 2020-04-10 14:14:59 Credential Dumping: Applications (lien direct) This is the sixth article in the Credential Dumping series. In this article, we will learn how we can dump the credentials from various applications such as CoreFTP, FileZilla, WinSCP, Putty, etc. Table of Content: PowerShell Empire: SessionGopher Credential Dumping: CoreFTP Metasploit Framework Credential Dumping: FTP Navigator Metasploit Framework Lazagne Credential Dumping: FileZilla Metasploit... Continue reading →
Blog.webp 2020-04-08 11:46:26 Credential Dumping: SAM (lien direct) In this article, we learn how passwords are stored in Windows and, out of the methods used to hash passwords in SAM, we will focus on LM and NTLM authentications. And then we learn how to dump these credential hashes from SAM. Table of Content Introduction to SAM How passwords are stored? LM Authentication NTLM... Continue reading →
Blog.webp 2020-04-08 10:38:57 Credential Dumping: Security Support Provider (SSP) (lien direct) In this article, we will dump the Windows login credentials by exploiting SSP. This is our fourth article in the series of credential dumping. Both local and remote methods are used in this article to cover every aspect of pentesting. Table of content: Introduction to Security Support Provider (SSP) Manual Mimikatz Metasploit Framework Koadic Introduction... Continue reading →
Blog.webp 2020-04-06 07:31:14 Credential Dumping: WDigest (lien direct) This is our third article in the series of Credential Dumping. In this article, we will manipulate WDigest.dll in order to retrieve the system credentials. The methods used in this article are for both internal and external penetration testing. Table of Content: Introduction to WDigest Working of WDigest.dll Manual PowerShell PowerShell via meterpreter Metasploit Framework PowerShell... Continue reading →
Blog.webp 2020-04-03 08:05:35 Credential Dumping: Windows Credential Manager (lien direct) In this article, we learn about dumping system credentials by exploiting credential manager. We will talk about various methods today which can be used in both internal and external penetration testing. Table of Content: Introduction to credentials manager Accessing credential manager Metasploit Empire Credentialfileview PowerShell Mitigation Conclusion Introduction to Credential Manager Credential Manager was introduced... Continue reading →
Blog.webp 2020-04-03 07:32:41 Persistence: RID Hijacking (lien direct) In this post, we will discuss RID hijacking, which is considered a persistence technique in terms of the cyber kill chain, and in this article, you will learn multiple ways to perform RID hijacking. Table of Content Introduction FSMO roles SID & RID Syntax Important Key points RID-Hijacking Metasploit Empire Introduction Microsoft divided the... Continue reading →
Blog.webp 2020-04-02 06:26:28 Comprehensive Guide on CryptCat (lien direct) In this article, we will provide you with some basic functionality of CryptCat and how to get a session from it using this tool. Table of Content Introduction Chat Verbose mode Protect with Password Reverse Shell Randomize port Timeout and Delay interval Netcat vs CryptCat  Introduction CryptCat is a standard NetCat enhanced tool with two-way... Continue reading → Tool
Blog.webp 2020-04-01 12:43:41 VulnUni: 1.0.1: Vulnhub Walkthrough (lien direct) Hello! Everyone and Welcome to yet another CTF challenge from emaragkos, called 'VulnUni: 1.0.1,' which is available online on vulnhub for those who want to increase their skills in penetration testing and Black box testing. Level: Easy Task: Find user.txt and root.txt in the victim's machine Penetration Methodologies Scanning Netdiscover Nmap Enumeration Browsing HTTP service Extracting URLs... Continue reading →
Last update at: 2024-04-20 13:08:05