Posts related to penetration testing.

Abusing CVE-2022-26923 through SOCKS5 on a Mythic C2 agent

This blog post was written by Amarjit Labhuram. CVE-2022-26923 Vulnerability Introduction. Vulnerability Type: Elevation of Privilege. Vulnerability Component: Active Directory Certificate Services (AD CS). An attacker/user that has the ability to create a machine account and tamper with [...]

The Auror Project – Challenge 1 [Setting the lab up automatically]

This blog post was written by Amarjit Labhuram. Introduction: In The Auror Project launched a course called the 3 machines lab - Active Directory series and if you know me by now you know I am [...]

Using Elastalert to alert via email when Mimikatz is run.

This blog post was written by Dharmik Karania. Introduction: In this blog, I shall discuss how an alert can be sent via email when Mimikatz is run. Mimikatz is a post-exploitation tool that is used to dump [...]

HTB Business CTF: Crypto Challenge – Blinded

This blog post was written by Varun Gupta. Introduction: This blog will cover how to solve the Crypto Challenge – Blinded, which was part of HTB Business CTF. This challenge was based on the RSA algorithm and specifically the [...]

2021-10-18T20:23:00+03:00 | October 19th, 2021 | Hack The Box

Building A Basic Active Directory Lab

This blog post was written by Amarjit Labhuram. Introduction: These days most enterprises run Microsoft Active Directory Services for building and managing their infrastructure. With the current rise of attacks against corporations, it is important for the security team to understand [...]

2021-07-18T12:13:37+03:00 | July 19th, 2021 | Offensive Security, Penetration Testing, Red Teaming

Exploiting Insecure Deserialization bugs found in the Wild (Python Pickles)

This blog post was written by Ian Musyoka. Introduction: Serialization is the process of converting an object into a byte stream so that it can be loaded elsewhere or stored in a database or file. Python is used in [...]

2021-06-23T18:42:13+03:00 | June 29th, 2021 | Offensive Security, Penetration Testing, Red Teaming

Exploiting Insecure Deserialization Vulnerabilities Found in the Wild

This blog post was written by Ian Musyoka. Introduction: Deserialization is the process of converting a byte stream back into an object so that it can be used by the web application the way it was intended. The [...]

2021-06-23T12:16:03+03:00 | June 22nd, 2021 | Offensive Security, Penetration Testing, Red Teaming

PDF Cracking With Cloud Computing

This blog post was written by Varun Gupta. Introduction: Hashcat is a popular password cracker and is designed to break even the most complex password representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility [...]

2021-06-15T16:00:49+03:00 | June 15th, 2021 | Offensive Security, Penetration Testing, Red Teaming

Creating BadUSB using ATTINY85

This blog post was written by Varun Gupta. Introduction: BadUSB is any USB device that was programmed (or reprogrammed) specifically to emulate a keyboard by sending a predetermined sequence of key press events to a computer in order to complete a task, which [...]

2021-06-09T21:53:30+03:00 | June 10th, 2021 | Offensive Security, Penetration Testing, Red Teaming

Linux Privilege Escalation Techniques using SUID

Linux Privilege Escalation Techniques via SUIDs. This blog post was written by Dharmik Karania. Introduction: SUID Overview. What is SUID? SUID is Set User ID. This has to do with permission settings. If we look at ls -la, we can see we have RWX (Read, Write, Execute) and some have [...]

2021-09-02T15:32:43+03:00 | June 8th, 2021 | Offensive Security, Penetration Testing, Red Teaming