Multiple Files to Capture NTLM Hashes: NTLM Theft
Introduction: Often while conducting penetration tests, attackers aim to escalate their privileges. Be it Kerberoasting or a simple lsass dump attack, stealing NTLM hashes always tops off the list of...
HackTheBox Toolbox Walkthrough
Introduction: Toolbox is a CTF Windows box with difficulty rated as “easy” on the HackTheBox platform. The machine covers SQL injections, gaining interactive shell, escaping container and escalating...
Previse HackTheBox Walkthrough
Introduction: Previse is a CTF Linux box with difficulty rated as “easy” on the HackTheBox platform. The machine covers bypassing access control, OS command injection, hash cracking, privilege escalation...
DailyBugle TryHackMe Walkthrough
Introduction: DailyBugle is a CTF Linux box with difficulty rated as “medium” on the TryHackMe platform. The machine covers a Joomla 3.7.0 SQL injection vulnerability and privilege escalation using yum....
Writer HackTheBox Walkthrough
Introduction: Writer is a CTF Linux box with difficulty rated as “medium” on the HackTheBox platform. The machine covers SQL injection vulnerability and privilege escalation...
Hackable: 3 VulnHub Walkthrough
Hackable: 3, a VulnHub medium machine, was created by Elias Sousa and can be downloaded here. This lab is designed for experienced CTF players who want to put their abilities to the test. We used the...
Intelligence HackTheBox Walkthrough
Introduction: Intelligence is a CTF Windows box with difficulty rated as “medium” on the HackTheBox platform. The machine covers OSINT, AD attacks, and silver ticket for privilege escalation. Table of...
Corrosion: 2 VulnHub Walkthrough
Proxy Programmer's Corrosion: 2 is a VulnHub medium machine. We can download the lab from here. This lab is designed for experienced CTF players who want to put their abilities to the test in a variety...
Process Ghosting Attack
Introduction: Gabriel Landau released a post on Elastic Security here which talks about a technique through which antivirus evasion was found to be possible. The technique deals with creating a ghost...
Forge HackTheBox Walkthrough
Introduction: Forge is a CTF Linux box rated “medium” on the difficulty scale on the HackTheBox platform. The box covers subdomain enumeration, SSRF attacks and basic reverse engineering of a Python script for...
Domain Persistence: Golden Certificate Attack
Introduction: Security analysts who have some knowledge about Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an AD, uses ticket-based...
Linux Privilege Escalation: Polkit CVE 2021-3560
Introduction: According to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a tool in PolicyKit or polkit that allows...
Anubis HackTheBox Walkthrough
Introduction: Anubis is an “insane” level CTF box available on the HackTheBox platform, designed by 4ndr34z. The box covers a real-life scenario of initial exploitation by uploading an ASP webshell, breaking out...
Domain Persistence: Computer Accounts
Introduction: Often while configuring Active Directories, system admins don’t recognize the harm that comes with allowing a local administrator account on a system assigned to a particular user....
Linux Privilege Escalation: PwnKit (CVE 2021-4034)
Introduction: Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec which allows low-level users to run commands as privileged users. According to...
Horizontall HackTheBox Walkthrough
Introduction: Horizontall is an “easy” rated CTF Linux box on the Hack The Box platform. The box covers initial compromise by exploiting a Strapi RCE vulnerability and escalating privileges by tunneling an...
Windows Privilege Escalation: SpoolFool
Introduction: Oliver Lyak posted a writeup about a Windows Privilege Escalation vulnerability that persisted in Windows systems even after patching of previous...
Windows Privilege Escalation: PrintNightmare
Introduction: Print Spooler has been on researchers’ radar ever since the Stuxnet worm used print spooler’s privilege escalation vulnerability to spread through the network in nuclear enrichment centrifuges...
Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints
Introduction: Will Schroeder and Lee Christensen wrote a research paper on this technique which can be referred to here. In the ESC8 technique mentioned in the research paper, they talked about an inherent...
Windows Persistence: Shortcut Modification (T1547)
Introduction: According to MITRE, “Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain persistence or gain higher-level privileges on...