USING ELASTALERT TO ALERT VIA EMAIL WHEN MIMIKATZ IS RUN. This blog post was written by Dharmik Karania Introduction In this blog, I shall discuss how an alert can be sent via email when Mimikatz is run. Mimikatz is a post-exploitation tool that is used to dump [...]
HTB BUSINESS CTF: CRYPTO CHALLENGE – BLINDED This blog post was written by Varun Gupta. Introduction This blog will cover on how to solve the Crypto Challenge – Blinded, which was part of HTB Business CTF. This challenge was based on the RSA algorithm and specifically the [...]
BUILDING A BASIC ACTIVE DIRECTORY LAB This blog post was written by Amarjit Labhuram. Introduction These days most enterprises run Microsoft Active Directory Services for building and managing their infrastructure. With the current rise of attacks against corporations, it is important for the security team to understand [...]
Exploiting Insecure Deserialization bugs found in the Wild (Python Pickles) This blog post was written by Ian Musyoka. Introduction Serialization is the process of converting an object into a byte stream so that It can be loaded elsewhere or stored in a database or file. Python is used in [...]
EXPLOITIING INSECURE DESERALIZATION VULNERABILITIES FOUND IN THE WILD This blog post was written by Ian Musyoka. Introduction Deserialization is the process of converting a byte stream back into an object so that it can be used by the web application the way it was intended. The [...]
PDF CRACKING WITH CLOUD COMPUTING This blog post was written by Varun Gupta. Introduction Hashcat is a popular password cracker and designed to break even the most complex password representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility [...]
CREATING BADUSB USING ATTINY85 This blog post was written by Varun Gupta. Introduction BadUSB is any USB device that was programmed (or reprogrammed) specifically to emulate a keyboard by sending a predetermined sequence of key press events to a computer in order to complete a task, which [...]
Linux Privilege Escalation Techniques via SUIDs This blog post was written by Dharmik Karania. Introduction SUID Overview. What is SUID? SUID is Set User ID. This has to do with permission settings. If we look at ls -la, we can see we have, RWX (Read, Write, Execute) and some have [...]
HTTP Parameter Pollution (HPP) This blog post was written by Rodney Kariuki Introduction HTTP Parameter Pollution (HPP) is a type of injection attack that occurs when a target system accepts multiple parameters with the same name and handles them in a manner that might be insecure or unexpected. [...]
DNS TUNNELING FOR DEFENCE EVASION AND COMMAND AND CONTROL This blog post was written by Alex Maina. Introduction Before we look at exploiting DNS through DNS tunneling we need to understand DNS and how it is critical to an organization’s infrastructure. DNS is used to translate IP addresses into domain [...]
