Content about penetration testing techniques. Such as:
===================
Information Gathering (Active & Passive)
Exploitation
Post Exploitation
Reporting
Vulnerability analysis and testing
Remediation & Best practices
We also offer content related to Blue Team techniques, such as:
====================
Device Configuration
Hardening devices
Incident Response
Threat Hunting
Also learn to configure and design some of the labs to practice on.
====================
Windows/*nix configuration
Programing
Vry4n is a Security Engineer, focused on Offensive/Defensive techniques.
"I believe that knowledge should be free shared with world."
Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler component. By persuading a victim to open specially-crafted content, an attacker could exploit Read more…
Impacket is a collection of Python classes and functions for working with various Windows network protocols. It is a centerpiece of many different pentesting tools. Impacket can work with plain, NTLM and Kerberos authentications, fully Read more…
BloodHound is an application developed with one purpose: to find relationships within an Active Directory (AD) domain to discover attack paths. It does so by using graph theory to find the shortest path for an Read more…
This time we will set a SMB server to run script from using impaket-smbserver https://github.com/SecureAuthCorp/impacket Download 1. Download the scripts git clone https://github.com/SecureAuthCorp/impacket.git 2. locate the smbserver script find . -iname *smbserver* 2> /dev/null Note: Read more…
Windows Remote Management (WinRM) is the Microsoft implementation of WS-Management Protocol, a standard Simple Object Access Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and operating systems, from different vendors, to interoperate. https://docs.microsoft.com/en-us/windows/win32/winrm/portal WinRM is a Read more…
The ASREPRoast attack looks for users with don’t require Kerberos pre-authentication attribute (DONT_REQ_PREAUTH). That means that anyone can send an AS_REQ request to the DC on behalf of any of those users, and receive an Read more…
This publication is intended to guide you through to create a custom wordlist using hashcat. 1. First create or have already a word list. (I created a 4 words list) cat mylist.txt 2. if you Read more…
Sometimes in windows, we discover services that run with SYSTEM level privileges but doesn’t have proper permissions set by an administrator. These services mostly exist in third party software and these services are the best Read more…
Sometimes a normal user needs the ability to do some operations on a service, such as starting or stopping, multiple ways exists to grant these permissions. Windows has no GUI or (easy to use) command Read more…
WinPEAS is a script that search for possible paths to escalate privileges on Windows hosts. This writing is about how to run it, and, complete Post-Exploitation activities How to 1. Download the script from GitHub Read more…
Having credentials for Umbraco CMS allows us to run a reverse shell. This time we will run the exploit (https://www.exploit-db.com/exploits/49488) How to 1. In searchsploit you can search for Umbraco exploits searchsploit umbraco Note: This Read more…
Having already set up Active directory as per (https://vk9-sec.com/active-directory-dns-lab/). We can set up the SPN service for testing purposes. To use Kerberos authentication requires both the following conditions to be true: The client and server Read more…
Kerberos Workflow using Messages In the Active Directory domain, every domain controller runs a KDC (Kerberos Distribution Center) service that processes all requests for tickets to Kerberos. For Kerberos tickets, AD uses the KRBTGT account Read more…
This time we will enumerate Apache Tomcat/7.0.88, brute force the login and upload a webshell. The most interesting path of Tomcat is /manager/html, inside that path you can upload and deploy war files (execute code). Read more…
LDAP queries can be used to search for different objects (computers, users, groups) in the Active Directory LDAP database according to certain criteria. This time, we will use LDAP to enumerate Active Directory users. Search Read more…
Group Policy Preferences (GPP) was introduced in Windows Server 2008, and among many other features, allowed administrators to modify users and groups across their network. Group Policy Preferences is a collection of Group Policy client-side Read more…
mRemoteNG (mremote) is an open source project (https://github.com/rmcardle/mRemoteNG) that provides a full-featured, multi-tab remote connections manager. It currently supports RDP, SSH, Telnet, VNC, ICA, HTTP/S, rlogin, and raw socket connections. Additionally, It also provides the Read more…
JAWS is PowerShell script designed to help penetration testers (and CTFers) quickly identify potential privilege escalation vectors on Windows systems. It is written using PowerShell 2.0 so ‘should’ run on every Windows version since Windows Read more…