Learn Ethical Hacking and Penetration Testing Online

In the previous article, a comprehensive discussion of Active Directory concepts was done. In this, we will be going through each and every step of AD Lab Setup For Exploitation. Later on, we will use this lab environment for attacking purposes. This article and series is inspired from TCM PEH course. AD Lab Requirements The lab environment will consist of 1 Windows Server 2019 machine2 Windows 10 Enterprise machinesVirtualization Software (I use VMWare Workstation) Hardware requirements are as follows for a smooth experience 60GB Disk Space16 GB RAM Downloading ISOs You can download the … [Read More...]

Many organizations today use Active Directory for better management, policy implementations, and many more. The attacks on these kinds of environments are increasing and attackers are coming up with new methods of compromising. Also, many certifications (including OSCP, and PNPT) now require taking over the Active Directory to pass the exam. So, in this series of articles, we will discuss Active Directory hacking. We will cover some basics and then explain the attacks in the simulated environment. These blogs will be focused on understanding the Windows Active Directory and seeing it from the attacker's … [Read More...]

Malware objectives can be understood through cyber kill chain process. Cyber kill chain is a Swiss army knife for hackers and cybersecurity experts. The model consists of reconnaissance, weaponization, delivery, exploitation, installation, Command & Control (C2), and Objectives cycle. Hackers do reconnaissance to prepare relevant payloads and deliver to target systems. If the security measures are good enough, the malware may not proceed beyond delivery stage. On the other hand, if attackers manage to cross the exploitation step, it is relatively easier for them to go through the rest of Cyber kill chain and … [Read More...]

There would be many times when you have come across websites with file upload functionality. Zip files have been around since 1989 and the issue with them is ancient. Hackers have been abusing zip file uploads to get RCE and/or overwrite the existing files outside the intended path. The Snyk security team claims to have discovered the vulnerability in 2018 but the same was discovered back in 1991 by the author named Inhuman. You can read about it in technique #3. This vulnerability is now known as Zip Slip. Zip Slip & Zipper Down Zip files and many other archive file formats can contain relative paths … [Read More...]

Securing networks and individual computing devices is a challenging task. We see a number of hardware and software based security solutions used to detect and prevent cyber-attacks. Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention System (IPS), Antivirus (AV), etc. are some common security practices adopted to ensure the security of digital assets. Despite the use of security tools and strategies, attackers manage to penetrate networks and devices using malicious software (malware). Cybersecurity experts capture these malwares and analyze them in order understand their behavior and know the … [Read More...]