Channel: Hacking Articles
Browsing all 1748 articles


Anubis HackTheBox Walkthrough

Introduction Anubis is an “insane” level CTF box available on the HackTheBox platform, designed by 4ndr34z. The box covers a real-life scenario of initial exploitation by uploading an ASP webshell,...




Domain Persistence: Computer Accounts

Introduction Often, while configuring Active Directory, system admins do not recognize the harm that comes with allowing a local administrator account on a system assigned to a particular user....




Linux Privilege Escalation: PwnKit (CVE 2021-4034)

Introduction Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec which allows low-privileged users to run commands as privileged users. According to...



Horizontall HackTheBox Walkthrough

Introduction Horizontall is an “easy” rated CTF Linux box on the Hack The Box platform. The box covers initial compromise by exploiting a Strapi RCE vulnerability and escalating privileges by tunnelling an...



Windows Privilege Escalation: SpoolFool

Introduction Oliver Lyak posted a write-up about a Windows privilege escalation vulnerability that persisted in Windows systems even after the patching of previous vulnerabilities in Print Spooler...




Windows Privilege Escalation: PrintNightmare

Introduction Print Spooler has been on researchers’ radar ever since the Stuxnet worm used a print spooler privilege escalation vulnerability to spread through the network in nuclear enrichment centrifuges...



Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints

Introduction Will Schroeder and Lee Christensen wrote a research paper on this technique which can be referred to here. In the ESC8 technique mentioned in the research paper, they talked about an inherent...



Windows Persistence: Shortcut Modification (T1547)

Introduction According to MITRE, “Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on...




File Transfer Filter Bypass: Exe2Hex

Introduction Exe2hex is a tool developed by g0tmilk which can be found here. The tool transcribes an EXE into a series of hexadecimal strings which can be restored into the original EXE file by using...




A Detailed Guide on Wfuzz

Introduction Many tools have been developed that create an HTTP request and allow a user to modify its contents. Fuzzing works the same way: a user can send a similar request multiple times to the...



Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)

Introduction CVE 2022-0847 is a privilege escalation vulnerability discovered by Max Kellerman, present in the Linux kernel itself from version 5.8 onward, which allows overwriting data in arbitrary read-only...



Domain Escalation: Resource Based Constrained Delegation

Introduction Delegation has been a part of Microsoft’s Active Directory environment since the early 2000s and has remained one of the few threats ignored by system analysts. Due to misconfigured delegation...



A Detailed Guide on httpx

Introduction httpx is a fast web application reconnaissance tool coded in Go by www.projectidscovery.io. With a plethora of modules effective in manipulating HTTP requests and filtering out...




Indirect Command Execution: Defense Evasion (T1202)

Introduction Indirect Command Execution is a defense evasion technique that is often used by Red Teams in which an adversary tries to bypass certain defense filters put in place which may restrict...



Parent PID Spoofing (Mitre:T1134)

Introduction Parent PID spoofing is an access token manipulation technique that may aid an attacker in evading defenses such as heuristic detection by spoofing the PPID of a malicious file to that...




A Detailed Guide on Crunch

Introduction Oftentimes attackers need to generate a wordlist based on certain criteria required for pentest scenarios like password spraying/brute-forcing. Other times it could be...



Lateral Movement: WebClient Workstation Takeover

Introduction The article is based on @tifkin_’s idea that a workstation takeover, also known as lateral movement, is possible by abusing WebDAV shares. In the Certified Pre-Owned whitepaper a technique...




Lateral Movement: Remote Services (Mitre:T1021)

Introduction During Red Team assessments, after an initial compromise, attackers tend to move laterally through the network, gaining more relevant information on other systems. This lateral...



Windows Persistence: COM Hijacking (MITRE: T1546.015)

Introduction According to MITRE, “Adversaries can use the COM system to insert malicious code that can be executed in place of legitimate software through hijacking the COM references and relationships...



A Detailed Guide on Cewl

Hi, Pentesters! In this article, we are going to focus on the Kali Linux tool “Cewl”, which helps you create a wordlist. Let’s explore this tool and learn about what other options...
