Hack the Box: Open Admin Box Walkthrough
Hack the Box: Open Admin Box WalkthroughToday, I am going to share a writeup for the boot2root challenge of the Hack the Box machine âOPENADMINâ which is a retired machine. It was actually an easy box...
View ArticleLateral Movement: Pass the Hash Attack
If you have been in the Information Security domain anytime in the last 20 years, you may have heard about Pass-the-Hash or PtH attack. It is very effective and it punishes very hard if ignored. This...
View ArticleLateral Movement: Over Pass the Hash
In this post, we're going to talk about Over Pass the hash that added another step in passing the hash. Pass the hash is an attack that allows an intruder to authenticate as user without having acess...
View ArticleKatana: Vulnhub Walkthrough
Katana VM is made by SunCSR Team. This VM is a purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. It is of intermediate level and is very handy in...
View ArticlePersistence: Accessibility Features
Today we are going to shed some light on a very sticky persistence method. It is so sticky that it has been there from the long time and it is here to stick. This was the last of my puns. You might...
View ArticleGeisha:1: Vulnhub Walkthrough
Today, I am going to share a writeup for the boot2root challenge of the vulnhub machine âGIESHAâ. It was actually an easy box based on the Linux machine and the goal is to get the root shell and then...
View ArticleComprehensive Guide to Password Spraying Attack
Today we deal with the technique that at first sounds very much similar to Bruteforcing but trust me, it is not brute-force. It is Password Spraying. We will understand the difference between the two...
View ArticleTBBT2: Vulnhub Walkthrough
TBBT2 is made by emaragkos. This boot2root machine is part of the TBBT Fun with Flags series and it is themed after the famous TV show, The Big Bang Theory and has really strong CTF elements. It's more...
View ArticleCengBox: 1 Vulnhub Walkthrough
Today, I am going to share a writeup for the boot2root challenge of the vulnhub machine âCengbox:1â. It was an easy box based on the Linux machine which helped me learn many new things. The goal is to...
View Articlemhz_cxf: c1f Vulnhub Walkthrough
CTFâs are a great way to sharpen your axe. As a security enthusiasts, this is probably the best way to get some hands on practice that lends perspective as to how an adversary will exploit a...
View ArticleLateral Movement: Pass the Ccache
In this post, we'll discuss how an attacker uses the ccache file to compromise kerberos authentication to access the application server without using a password. This attack is known as Pass the cacche...
View ArticleAbusing Microsoft Outlook 365 to Capture NTLM
In this post we will discuss "How the attacker uses the Microsoft office for phishing attack to get the NTLM hashes from Windows." Since we all knew that Microsoft Office applications like Word ,...
View ArticleBypass Detection for Meterpreter Shell (Impersonate_SSL)
In this article, we will learn to mimic an authentic SSL certificate to bypass various security measures taken by the target. It will also ensure the stealthiness of an attack. Today, everyone is more...
View ArticleDevRandom CTF:1.1 Vulnhub Walkthrough
Today we are going to solve another boot2root challenge called âDevRandom CTF:1.1â. It is available on Vulnhub for the purpose of Penetration Testing practices. This lab is not that difficult if we...
View ArticleCredential Dumping: DCSync Attack
The most of the Organisation need more than one domain controller for their Active Directory and to maintain consistent among multiple Domain controller, it is necessary to have the Active Directory...
View ArticleLateral Movement: Pass the Ticket Attack
After working on Pass the Hash attack and Over the pass attack, itâs time to focus on a similar kind of attack called Pass the Ticket attack. It is very effective and it punishes too if ignored. Letâs...
View ArticleDumping Clear-Text Passwords from Browsers using NetRipper
Dumping Clear-Text Passwords from Browsers using NetRipperNetRipper is a post-exploitation tool and performs API based traffic sniffing to capture plain text passwords before it is passed to...
View ArticleZion: 1.1 Vulnhub Walkthrough
Today, I am going to share a writeup for the boot2root challenge of the Vulnhub machine âZion: 1.1â. It was actually an intermediate box based on the Linux machine. The goal for this machine is to read...
View ArticleSumo: 1 Vulnhub Walkthrough
Today, I am going to share a writeup for the boot2root challenge of the Vulnhub machine âZion: 1.1â. It was an intermediate box based on the Linux machine. The goal for this machine is to read the flag...
View ArticleCredential Dumping:LAPS
In this post you will find out how Microsoft's LAPs feature can be abused by the attacker in order to get end user password.Table of ContentLocal Administrator Password SolutionLAPS Attack Walkthrough·...
View Article