In today’s post we are going to exploit one-way trust relationships, from an inbound point of view. If you haven’t seen it yet, take a look at this post first, in which I explain the basics of trust relationships in an active directory, the different relationships that forests have and how to exploit a two-way … Read more
Let’s continue with the posts on Red Teaming. After the post on how to exploit misconfigured Certificate Templates, today we will talk about the forests, the trust relationships that are established between the different domains, and how to abuse them to pivot and gain access to other domains. Basic Concepts Let me first define some … Read more
Today I would like to talk about a vulnerability that I have found frequently in the Red Team exercises I have participated in. It is the exploitation of misconfigured Active Directories Certificate Templates. Context First of all, let’s put a bit of context to the scenario we find ourselves in. We assume that we have … Read more
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in all major Linux distributions and in some Unix-like operating systems, has just appeared and can be easily exploited by unprivileged local users to gain full root privileges. This vulnerability is really interesting given how easy it is to exploit. Moreover, it has been exploitable … Read more
In the last few weeks there has been a revolution in the IT world. Everyone has been worried, there have been thousands of meetings to discuss it, hundreds of memes have been created about it. One of the vulnerabilities with the highest exposure factor in recent years has come to light: CVE-2021-44228, now known as … Read more
Two-step or multi-step authentication is a great enhancement to account security, but phishing attacks remain a danger.
Shodan is a search engine to find specific services such as webcams, SCADA systems, linksys… Its operation is simple but effective: it scans the whole internet and uses the information returned by the device banners to discover the software version, the device model, etc. Shodan is especially useful for the investigation of IoT devices, since … Read more
Today I bring you a very interesting type of SQL Injection, and that is not very well known. It’s a variation of Blind SQL Injection.if you’re still not very familiar with SQL injections, I recommend you visit this post first. You should also take a look at noSQL injections from non-relational databases. In Blind SQL … Read more
This is the third post on the post-exploitation method based on code caves. In the first part I showed you how to create a basic code cave in an executable to introduce a shell. In the second part I improved its detection rate using natural code caves and hiding the jump to the cave between … Read more
This is the second part of the set of posts about Post Explotation Backdooring. If you haven’t read the previous post, I recommend you do so to understand this post. Again I want to thank OscarAkaElvis, who taught me these PE Backdooring techniques. In the previous post we saw how to introduce the code of … Read more