Credential Dumping: Applications
This is the sixth article in the Credential Dumping series. In this article, we will learn how we can dump the credentials from various applications such as CoreFTP, FileZilla, WinSCP, Putty, etc. Table...
Windows Persistence using WinLogon
In this article, we are going to describe the ability of the WinLogon process to provide persistent access to the Target Machine. Table of Content · Introduction · Configurations used in...
Penetration Testing on VoIP Asterisk Server
Today we will be learning about VoIP penetration testing. This includes enumeration, information gathering, user extension and password enumeration, SIP registration hijacking and spoofing. Table...
Credential Dumping: NTDS.dit
In this article, you will learn how passwords are stored in Windows Active Directory and find out the methods used to hash passwords in NTDS.dit. Then we will learn how to dump these credentials...
Credential Dumping: Phishing
This is the ninth article in our Credential Dumping series. In this article, we will trigger various scenarios where Windows will ask for user authentication to retrieve the credentials. For...
Windows Persistence using Bits Job
In this article, we are going to describe the ability of the Bits Job process to provide persistent access to the Target Machine. Table of Content · Introduction · Configurations used in...
Credential Dumping: Local Security Authority (LSA|LSASS.EXE)
LSA and LSASS stand for "Local Security Authority" and "Local Security Authority Subsystem (server) Service", respectively. The Local Security Authority (LSA) is a protected system process that...
Windows Persistence using Netsh
In this article, we are going to describe the ability of the Netsh process to provide persistent access to the Target Machine. Table of Content · Introduction · Configurations used in...
Credential Dumping: Clipboard
In this article, we learn about online password managers and dumping the credentials from such managers via the clipboard. Passwords are not easy to remember, especially when passwords are made up of...
RDP Session Hijacking with tscon
In this article, we will learn to hijack an RDP session using various methods. This is a part of lateral movement, which is a technique that the attacker uses to move through the target environment...
Domain Persistence: Golden Ticket Attack
The Golden Ticket attack is a famous technique for impersonating users on an AD domain by abusing Kerberos authentication. As we all know, the two famous Windows authentication protocols are NTLM and Kerberos in this...
Kerberos Brute Force Attack
In the previous article, “Domain Persistence: Golden Ticket Attack”, we explained how to forge a Kerberos ticket and discussed how the Kerberos authentication process works and what its service components are. In this post...
Domain Controller Backdoor: Skeleton Key
While many people were fighting the good fight for Net Neutrality, talented people at the Dell SecureWorks Counter Threat Unit (CTU) discovered malware that can bypass the authentication on...
Data Exfiltration using DNSteal
In this article, we will comprehend the working of DNSteal with the focus on data exfiltration. You can download this tool from here. Table of content: · Introduction to Data Exfiltration ·...
Penetration Testing on VoIP Asterisk Server (Part 2)
In the previous article we learned about Enumeration, Information Gathering, Call Spoofing. We introduced a little about the Asterisk Server. This time we will focus more on the Asterisk Manager...
Lateral Movement: WMI
WMI is used for a lot of stuff but it can also be used for Lateral Movement around the network. This can be achieved using the MSI file. Confused? Read along! Table of Content · Introduction to...
Deep Dive into Kerberoasting Attack
In this article, we will discuss Kerberoasting attacks and multiple other methods of abusing Kerberos authentication. But before that, you need to understand how Kerberos authentication works between...
Impacket Guide: SMB/MSRPC
There have been many Red Team scenarios and Capture the Flag challenges where we face a Windows Server. After exploiting and getting the initial foothold in the server, it is very difficult to extract...
Lateral Movement on Active Directory: CrackMapExec
In this article, we learn to use crackmapexec. This tool is developed by byt3bl33d3r. I have used this tool many times for both offensive and defensive techniques. And with my experience from this...
AS-REP Roasting
In our previous articles, we have discussed “Golden Ticket Attack”, “Kerberoast” and “Kerberos Brute Force”, multiple methods to abuse Kerberos, which is a ticketing protocol. Today we are going to discuss...