As companies continue to rely on databases to store sensitive information, securing the data has become a top priority. MS SQL Server is a popular database management system that integrates with Windows and Active Directory domains, creating trust relationships that can be leveraged for attacks. As a Red Teamer, it’s crucial to understand the fundamentals...
BloodHound is a powerful security tool that uses graph theory to reveal the relationships between users, groups, and computers in a domain. In this comprehensive guide, we’ll take a deep dive into BloodHound and its companion tool SharpHound, providing you with the knowledge and skills needed to navigate and utilize these tools to their fullest...
Kerberos is a network authentication protocol used to provide secure authentication over a non-secure network. While it is an essential component of network security, it can also be exploited by hackers to gain unauthorized access to sensitive information. In this article, we will take a deep dive into one such exploitation technique, AS-REP Roasting. We...
Resource-Based Constrained Delegation (RBCD) is a feature introduced in Windows Server 2012 that allows administrators to configure which accounts are trusted to delegate on their behalf. This type of delegation is more secure than its predecessors, but it can still be abused and used as a means of lateral movement and privilege escalation. In this...
With the increasing use of digital certificates for encryption, authentication, and other security purposes, Active Directory Certificate Services (AD CS) has become a critical component in many enterprise environments. However, the security implications of AD CS have often been overlooked, leaving organizations vulnerable to potential attacks and compromise. In this blog, we will delve into...
Android penetration testing is a crucial aspect of ensuring the security of mobile applications. With the increasing popularity of Android devices and the widespread use of mobile apps, it has become essential to identify and address security vulnerabilities in order to protect sensitive information. In this comprehensive guide, we will learn the importance of Android...
In today’s digital landscape, where cyber threats loom large, organizations increasingly recognize the importance of robust cybersecurity measures. As cyber-attacks continue to rise in frequency and sophistication, it has become crucial for businesses to implement comprehensive security plans. Penetration testing, or pen testing, plays a pivotal role in such strategies, and objective-based penetration testing is...
Penetration testing (pen testing) and bug bounty programs are two popular methods of ensuring the security of the digital assets of a business. While both methods aim to identify vulnerabilities, they differ in scope, approach, and engagement. In this blog, we will discuss pen testing vs. bug bounty program, along with their scope and methodology...
Active Directory (AD) is integral to many organizations’ IT infrastructures, serving as the repository of user identities, computer accounts, and network resources. However, due to its wide scope and complexity, AD can present serious security risks which must be managed appropriately. In this blog, we will look at some of the best practices for securing...
OSINT, also known as Open Source Intelligence, plays a pivotal role in this process by gathering and analyzing publicly accessible information from diverse sources. Unlike traditional intelligence-gathering approaches that rely on classified or proprietary data, OSINT harnesses the wealth of information available in the public domain. In this blog, we will examine how by encompassing...
