Red Teaming

DNS TUNNELING FOR DEFENCE EVASION AND COMMAND AND CONTROL This blog post was written by Alex Maina. Introduction Before we look at exploiting DNS through DNS tunneling we need to understand DNS and how it is critical to an organization’s infrastructure. DNS is used to translate IP addresses into domain [...]

CAPTURING NET-NTLM V2 HASHES VIA OUTLOOK SIGNATURES This blog post was written by Dharmik Karania. Introduction Today, it is possible to craft a malicious email that allows an adversary to capture NetNTLMV2 hashes without requiring any form of interaction with the user. The user only has to click open the [...]

PERSISTENCE: COMMON USERLAND TECHNIQUES (PART 2) This blog post was written by Dharmik Karania and Amarjit Labhuram Introduction In Persistence Part 1, we looked at a couple of Userland Persistence Techniques. In this blog, we continue with other techniques which include Dynamic Link Library (DLL) Hijacking through [...]

PERSISTENCE: COMMON USERLAND TECHNIQUES (PART 1) This blog post was written by Amarjit Labhuram. Introduction Getting an initial foothold during a red team operation can be time consuming and come with its own challenges. Once an operator has a command and control channel established into the client [...]

HUNTING INSECURE DIRECT OBJECT REFENCES (IDORs) This blog post was written by Rodney Kariuki. Introduction Insecure Direct Object Reference (IDOR) is a type of access control vulnerability that arises when the references to data objects (like a file or a database entry) are predictable, and the application uses user-supplied input [...]

WINDOWS PRIVILEGE ESCALATION This blog post was written by Varun Gupta. Introduction Privilege escalation happens when a malicious user exploits a vulnerability in an application or operating system to gain elevated access to resources that should normally be unavailable to that user. The attacker can then use the newly gained [...]

INITIAL ACCESS WITH MALDOCS This blog post was written by Amarjit Labhuram. Introduction Phishing and spear phishing are the most common and effective ways adversaries are using to get access into corporate networks. For adversaries the pain of trying to get a 0-day on the infrastructure a [...]

PHISHING ATTACKS WITH EVILGINX2 This blog post was written by Varun Gupta. IntroductionEvilginx2 is an attack framework for setting up phishing pages. Instead of serving templates of sign-in pages look-alikes, Evilginx2 becomes a relay (proxy) between the real website and the phished user. Phished user interacts with the real [...]

HACKING ANDROID PHONES WITH MALICIOUS APK This blog post was written by Rodney Kariuki. Introduction It is possible to exploit the actual android device of a user by installing malicious payloads on their phones in form of Android Application Packages (APKs), or by trojanizing a legitimate application. [...]

VEGILE (UNLIMITED SHELL IN LINUX USING METASPOILT) This blog post was written by Alex Maina. Introduction This blog will talk about maintaining persistence in Linux using Vegile. Vegile (Ghost in the Shell) is a tool for post-exploitation. Post exploitation technique will ensure that we maintain some level of access [...]