In today’s post we are going to exploit one-way trust relationships, from an inbound point of view. If you haven’t seen it yet, take a look at this post first, in which I explain the basics of trust relationships in an active directory, the different relationships that forests have and how to exploit a two-way … Read more
Let’s continue with the posts on Red Teaming. After the post on how to exploit misconfigured Certificate Templates, today we will talk about the forests, the trust relationships that are established between the different domains, and how to abuse them to pivot and gain access to other domains. Basic Concepts Let me first define some … Read more
Today I would like to talk about a vulnerability that I have found frequently in the Red Team exercises I have participated in. It is the exploitation of misconfigured Active Directories Certificate Templates. Context First of all, let’s put a bit of context to the scenario we find ourselves in. We assume that we have … Read more
Today I find it necessary to move away from the technical side of this website to an opinion piece. I have been in the cybersecurity sector for 5 years. Specifically, in offensive cyber security. I have been lucky enough to go straight into cybersecurity work, which is rare. The most common thing is to find … Read more
A few days ago I participated with a colleague in a Red Teaming exercise. I’m just starting out in this kind of exercise (I hope to get my Red Team Operator certificate before the end of the year), but my colleague is an expert who has been working on this for years and has spoken … Read more
Earlier this year I passed the CISSP on the first attempt. This is another of the many articles that exist on how to pass the exam and obtain one of the most prestigious (ICS)2 certifications. Based on my experience reading this kind of articles is quite useful, especially in the days before taking the exam. … Read more
0. Rooting Android & Jailbreaking iOS Android It is recommended to use an android device to test the application. If you cannot get one, then you can use an Android VM. Alternatively, you can configure an Android device. There are lots of guides on the Internet to root an Android device. For this guide, I … Read more
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in all major Linux distributions and in some Unix-like operating systems, has just appeared and can be easily exploited by unprivileged local users to gain full root privileges. This vulnerability is really interesting given how easy it is to exploit. Moreover, it has been exploitable … Read more
In the last few weeks there has been a revolution in the IT world. Everyone has been worried, there have been thousands of meetings to discuss it, hundreds of memes have been created about it. One of the vulnerabilities with the highest exposure factor in recent years has come to light: CVE-2021-44228, now known as … Read more
Two-step or multi-step authentication is a great enhancement to account security, but phishing attacks remain a danger.