Cybersecurity News & Threat Intelligence
ADAudit Plus Exploitation Analysis — Data Encryption Analysis
Detailed analysis of ADAudit Plus data encryption: where the encrypted data is stored, a breakdown of the bcrypt scheme, the distinction between domain and non-domain users, and the feasibility of brute-force exploitation.
Penetration Technique: Remote Access to Exchange PowerShell
Guide to the Exchange PowerShell remote access penetration technique (blocked by the fix for CVE-2022-41040): implementation details, ProxyShell, NTLM authentication, and Python3 code tweaks for command execution.
GoAnywhere Managed File Transfer Vulnerability Debugging Environment Setup
Step-by-step guide to setting up a GoAnywhere MFT vulnerability debugging environment: installation, Tomcat debug configuration, and Apache Derby database access and operations.
ADAudit Plus Vulnerability Debugging Environment Setup
Learn to set up an ADAudit Plus vulnerability debugging environment, configure debug parameters, and obtain the PostgreSQL database user passwords (adap, postgres) with this guide.
Penetration Technique: Python Implementation of Exchange PowerShell
Python implementation of Exchange PowerShell commands (pypsrp), Kerberos auth details, and TabShell exploitation techniques for penetration testing.
Penetration Basics – Zimbra Version Detection
Discover Zimbra version detection methods (IMAP, URL, etc.), Python automation steps, development details, and open-source code for those learning penetration testing.
Penetration Basics: Minio Version Detection
Discover Minio version detection methods and Python automation implementation details, and get open-source code for penetration testing basics. Covers API authentication and version checks.
Penetration Basics — WebLogic Version Detection
Discover two WebLogic version detection methods (Admin Console & T3 protocol), Python automation steps, implementation details, and open-source code for WebLogic projects.
Veeam Backup & Replication Vulnerability Debugging Environment Setup
Step-by-step guide to setting up a Veeam Backup & Replication vulnerability debugging environment (CVE-2023-27532): environment setup, debugging steps, and credential extraction.
Bypassing the Firewall Using the IIS Port Sharing Feature
Learn how to bypass firewall restrictions using IIS port sharing and WinRM for remote server management on ports 80/443, including methods for high and low privileges.
Introduction to Windows Password Hashes - NTLM Hash and Net-NTLM Hash
Learn the differences between NTLM and Net-NTLM hashes in Windows, how they are generated, and methods for cracking them using tools like Hashcat and Mimikatz.
Penetration Techniques - User Enumeration and Password Brute-forcing via Kerberos Pre-Authentication
Learn how to use Kerberos pre-authentication for stealthy user enumeration and password brute-forcing without generating Event ID 4625 logs, with Python implementation tips.
Penetration Techniques - Exploitation of Nine Windows Privileges
Learn to exploit nine Windows privileges like SeImpersonatePrivilege for privilege escalation. Techniques include token theft, NTLM relay, and open-source tools for penetration testing.
Penetration Techniques - Stealth Execution of Windows Remote Assistance
Learn stealth techniques for Windows Remote Assistance exploitation, including hidden interfaces, simulated clicks, and detection methods for security testing.
Domain Penetration - Recovering Passwords Stored in Group Policy via SYSVOL
Learn how to recover passwords stored in Group Policy via SYSVOL, analyze exploitable aspects, and get defense tips for domain security.
Analysis of APT34 Leaked Tools - HighShell and HyperShell
Technical analysis of APT34's leaked HighShell and HyperShell webshells, including login credentials, Exchange backdoors, and command execution methods.
Analysis of Cobalt Strike's blockdlls Exploitation
Analysis of Cobalt Strike's blockdlls feature, covering detection, exploitation, and the differences between Windows 8 and Windows 10 systems, with code examples.
Shellcode Generation Tool Donut Testing and Analysis
Test and analyze Donut, a tool converting .NET assemblies to stealthy shellcode for memory-based exploitation, injection, and bypassing defenses like AppLocker.
Analysis of SharpSniper Exploitation
Analysis of SharpSniper, a tool for locating domain user IP addresses via domain controller logs. Learn its implementation using wevtutil and PowerShell for security log queries and IP extraction.
Analysis of Backdoor Implementation Using TelemetryController
Learn how TelemetryController is exploited for backdoor persistence on Windows, including the issues encountered on Windows 7 and Server 2012 R2, and defense tips.