Categories
web assessments

Need ATutor for AWAE?

I was fortunate enough to go through Offensive Security’s Advanced Web Attacks and Exploitation course. However, since my lab time was limited, I found myself somewhat rushing through some of the modules to ensure I had enough time to work through the entire course materials provided. Now that my lab time is over, and with […]

Categories
active directory red teaming

Spray and Pray

One form of brute forcing is called "Password Spraying". This form of attack is somewhat the inverse of the traditional form of brute forcing. Instead of using a few or even one username with a wordlist for potential passwords, password spraying makes use of a list of usernames with a few choice passwords. For the […]

Categories
active directory

Laboratorio de Computación

This field is definitely one that requires a lot of self-study (at least for this noob) and as a result, I wanted to practice some different attacks against Windows systems, specifically within an Active Directory (AD) environment. This led me to build out a mini lab with a handful of virtual machines. For this […]

Categories
active directory

Let Slip the Hounds of War

When I first started learning how to use BloodHound, I remember trying to figure out how to best utilize this tool to discover possible vulnerabilities when attacking Active Directory environments. This post is intended to be a quick, little usage guide to visualizing some of the misconfigurations that can be exploited to laterally move and/or […]

Categories
web assessments

Chaining Web Vulnerabilities FTW w/RCE

I’ve recently enrolled in Offensive Security’s Advanced Web Attacks and Exploitation (AWAE) course. One of the biggest takeaways that I’ve experienced so far is that when finding various vulnerabilities, some may not be as significant as a SQLi or RCE, but if possible these "less impactful" vulnerabilities can be chained together to form a more […]

Categories
red teaming

Shout-out to the Slack Shellbot

After working on the Slacking off with sqlmap post, I began to look for other ways that Slack’s webhooks could be helpful in assessments. I stumbled across this post written by Russel Van Tuyl, where he described how to integrate these webhooks to notify him when a shell is received either in Metasploit or PowerShell […]

Categories
web assessments

Slacking off with sqlmap

When working through web assessments, it becomes apparent real quick that automating some of your scans/setup can be a solid strategy. One efficient way of being notified of different results from your scans is through the use of Slack’s webhooks. This post was inspired by Kamil Vavra’s post found here, and recounts how these webhooks […]

Categories
active directory

🎵 “I’ve Got a Golden Ticket” 🎵

There are a couple of different ways that a Golden Ticket can be created and used when attacking an Active Directory environment. One of these is through the use of Impacket’s ticketer.py. The nice thing about this script is that it allows you to attack from a Linux system, rather than using Mimikatz from a […]

Categories
red teaming

Pivoting Down the Rabbit Hole

I remember one of the first security competitions I did when in school, our team was beaten out by the team that was able to pivot within the environment of intentionally vulnerable systems. Since then I’ve been able to learn some of the ways that you can move between systems. This post documents a few different […]