When starting this Active Directory Exploitation series, we talked about abusing windows features. This post will cover … [Read More...]
Featured Articles
Token Impersonation Attack
We have been doing the Pass The Hash/Password attack in the previous article. This article will focus on tokens and how … [Read More...]
Pass The Hash Attack
So far, we have been attacking the machines to gain the access to machines. We have been dumping the credentials through … [Read More...]
Editorial Picks
How Hackers Write Malware with ChatGPT
This video shows you step by step how hackers write malware with ChatGPT and will show you what you need to know to … [Read More...]
How Hackers Create Pharming Malware
This video shows you step by step how hackers create pharming malware on Linux and will show you what you need to know … [Read More...]
Hacking with Shodan
Shodan is an amazing pentesting and hacking tool you just need to know how to properly use it. We've got you covered … [Read More...]
Latest Blog Updates
Loading...Kerberoasting
When starting this Active Directory Exploitation series, we talked about abusing windows features. This post will cover Kerberos (an authentication protocol) and how we can abuse it to gain elevated privileges. The procedure followed for abusing the Kerberos feature is termed Kerberoasting. Kerberos Kerberos is a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet. It uses secret-key cryptography and a trusted third party (Key Distribution Center; KDC) for authenticating client-server applications and … [Read More...]
Token Impersonation Attack
We have been doing the Pass The Hash/Password attack in the previous article. This article will focus on tokens and how we can perform token impersonation to gain access to the resources. Tokens For ease of understanding, you can think of tokens as cookies for the computer. These temporary keys allow you access to a system, a network, or a resource without providing the credentials. A web pentester can think of them as cookies or tokens (JWT etc) for accessing credential-protected resources. Types of Tokens There are two types of tokens Delegate TokenThese tokens are for the interactive logons, … [Read More...]
Pass The Hash Attack
So far, we have been attacking the machines to gain the access to machines. We have been dumping the credentials through the responder and then decrypting them. One of the useful attacks is Pass The Hash. In this, we do not decrypt the hash but pass it through the network for authentication. Pass The Hash is a technique where an attacker captures a password hash and then passes it through for authentication and lateral access to other networked systems. With this technique, the threat actor does not need to decrypt the hash to obtain a plain text password. This attack exploits the authentication protocol, as … [Read More...]
BloodHound (Visualizing AD and Unveiling Attack Surface)
So far, in the post-compromise AD enumeration, we have been using the PowerView tool to gather information. That tool was completely CLI-based and needed commands to gather the information. As specified in the previous article, the next tool we will be using is BloodHound. BloodHound BloodHound is a single-page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# data collector. It is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment. BloodHound uses graph … [Read More...]
How Hackers Write Malware with ChatGPT
This video shows you step by step how hackers write malware with ChatGPT and will show you what you need to know to defend yourself against it. … [Read More...]
Become a Member
