It is evident that with the advancement of technology, the risks associated with it have also increased. Cybercriminals are always on the lookout for new ways by which they can exploit the system and gain unauthorized access to sensitive data. Penetration testing and red teaming come into play here. Both techniques identify vulnerabilities in a...
In our previous blog post, we discussed the Kerberos authentication and authorization mechanism and a few of their exploits. We also discussed PAC’s significance and how it affects user authorization. In this blog, we will dive deeper into PAC exploits and how attackers can use the PAC in different ways to escalate their privileges in...
Kerberos Delegation is a powerful authentication mechanism that allows users and services to securely access resources in an Active Directory environment. Topics covered: Basic principles of Kerberos Delegation Types of delegations, their configuration and how they work Exploiting constrained delegation By exploring these topics one by one in our blog, you’ll...
As discussed in the Active Directory Basics blog, Kerberos is an authentication mechanism used to authenticate users and services. The two main components of Kerberos are: Authentication Server (AS), which authenticates user and grants Ticket Granting Ticket (TGT) Ticket Granting Server (TGS), which issues the service tickets (TGS) The main goal of an attacker is...
What is Phishing? Phishing is a social engineering attack used to obtain user information such as login credentials and credit card information. It happens when a malicious actor pretends to be someone or something trustworthy to trick a victim into opening an email, IM, or text message. Scenario Consider a small business with 30 employees that...
Even though the usage of IPv6 is gaining traction, it is rare to find an organization using it in its network. Most people do not realize that although most organizational networks communicate using IPv4, Windows versions since Windows Vista enables IPv6 by default and prefers it over IPv4. We are exploiting this functionality to gain...
There are situations where On-site penetration testing is not always feasible. It’s better to go for a remote “pentest dropbox” in such cases. The pentest dropbox, in this context, is a Raspberry Pi 4 which is shipped to a remote customer/client. The client will either connect the dropbox to an ethernet port or set the...
In Part 1 of our Antivirus Evasion series, we managed to get a meterpreter reverse shell while evading Windows Defender by writing an .exe file to disk and then executing it. Malware can also be run entirely in memory to avoid leaving any data on disk. One way to do this is by utilizing .NET...
Antivirus Evasion in general use signature-based and heuristics-based malware detection mechanisms. In this blog, we will learn and test some techniques to try and bypass such defences, and to get a fully functional meterpreter reverse shell from an updated Windows Server 2016 running Windows Defender. We will be utilizing multiple win32 APIs using C# and...
