Posts related to penetration testing.
ABUSING CVE-2022-26923 THROUGH SOCKS5 ON A MYTHIC C2 AGENT This blog post was written by Amarjit Labhuram CVE-2022-29623 Vulnerability Introduction Vulnerability Type: Elevation of Privilege Vulnerability Component: Active Directory Certificate Services (AD CS) An attacker/user that has the ability to create a machine account and tamper with [...]
THE AUROR PROJECT - CHALLENGE 1 [SETTING THE LAB UP AUTOMATICALLY] This blog post was written by Amarjit Labhuram Introduction In The Auror Project launched a course called the 3 machines lab - Active Directory series and if you know me by know you know I am [...]
USING ELASTALERT TO ALERT VIA EMAIL WHEN MIMIKATZ IS RUN. This blog post was written by Dharmik Karania Introduction In this blog, I shall discuss how an alert can be sent via email when Mimikatz is run. Mimikatz is a post-exploitation tool that is used to dump [...]
HTB BUSINESS CTF: CRYPTO CHALLENGE – BLINDED This blog post was written by Varun Gupta. Introduction This blog will cover on how to solve the Crypto Challenge – Blinded, which was part of HTB Business CTF. This challenge was based on the RSA algorithm and specifically the [...]
BUILDING A BASIC ACTIVE DIRECTORY LAB This blog post was written by Amarjit Labhuram. Introduction These days most enterprises run Microsoft Active Directory Services for building and managing their infrastructure. With the current rise of attacks against corporations, it is important for the security team to understand [...]
Exploiting Insecure Deserialization bugs found in the Wild (Python Pickles) This blog post was written by Ian Musyoka. Introduction Serialization is the process of converting an object into a byte stream so that It can be loaded elsewhere or stored in a database or file. Python is used in [...]
EXPLOITIING INSECURE DESERALIZATION VULNERABILITIES FOUND IN THE WILD This blog post was written by Ian Musyoka. Introduction Deserialization is the process of converting a byte stream back into an object so that it can be used by the web application the way it was intended. The [...]
PDF CRACKING WITH CLOUD COMPUTING This blog post was written by Varun Gupta. Introduction Hashcat is a popular password cracker and designed to break even the most complex password representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility [...]
CREATING BADUSB USING ATTINY85 This blog post was written by Varun Gupta. Introduction BadUSB is any USB device that was programmed (or reprogrammed) specifically to emulate a keyboard by sending a predetermined sequence of key press events to a computer in order to complete a task, which [...]
Linux Privilege Escalation Techniques via SUIDs This blog post was written by Dharmik Karania. Introduction SUID Overview. What is SUID? SUID is Set User ID. This has to do with permission settings. If we look at ls -la, we can see we have, RWX (Read, Write, Execute) and some have [...]
