Lateral movement in red teaming is all about moving between targets in the environment to reach the objective. Password When you find a password you can pass it to different services to check if you can get it. In this article we’ll be going through a few of them. WinRM WinRM is a management protocol…
When developing malware/red teaming tools, it’s often needed to dynamically execute code inside a program. For example executing python code inside a python file. The reason that it’s needed is for evasion, is because when the code is being loaded like that, it resides in memory so AV/EDR has more overhead when examining the process….
Last year ransomware scammed more than 10 billion dollar from various organizations and users. We decide in this document research methods from seller to end client. This report was made by the Hadess and data comes from various sources such as: Dark Web , Deep Web Forums, Sellers and Websites. Summary of Finding Abbrev. Wallet…
DACL abuse is about taking advantage of the DACL that is assigned to us on any object that we can abuse. Some mischief that can be done may be changing a user’s password, adding yourself to a group like Domain Admins, granting yourself full control over an object and many more. DACL abuse can be…
Pwning the Domain: Kerberos Delegation In this article we’ll talk about Kerberos Delegation and how to abuse it in various ways and escalate our privileges. What is Kerberos delegation? Kerberos delegation is a type of credential delegation that is used for securely delegating a user’s credential form a client application to a target server application….
The integration of Large Language Models (LLMs) into online platforms presents a double-edged sword, offering enhanced user experiences but also introducing security vulnerabilities. Insecure output handling is a prominent concern, where insufficient validation or sanitization of LLM outputs can lead to a range of exploits like cross-site scripting (XSS) and cross-site request forgery (CSRF). Indirect…
Domain Account After getting access to a domain account, there are a variety of things that can be done including but not limited to: domain enumeration, Kerberoasting, coercion, etc. Enumeration There are many options for enumerating the domain once you have an account: BloodHound BloodHound is a go-to tool when it comes to enumeration in…
Reconnaissance Reconnaissance is an important step when engaging in a red teaming/penetration testing assessment. It may provide you the information you need later on while it may not seem so important in the meantime, For example you may stumble upon a username which you can make use of when brute forcing or using it in…
Enter Yak Lang, a language designed to address the evolving needs of security practitioners and organizations. As technology advances and the scope of security projects expands, there is a growing necessity for languages that excel in both efficiency and suitability for product distribution, engineering research and development, and platform building. This is where Golang has…
Introduction Bitbucket, a widely used Git repository management solution, provides a platform for developers to manage and collaborate on code. However, its extensive functionality and integration capabilities also present numerous attack vectors and surfaces that adversaries might exploit. This APT report outlines potential attack vectors and surfaces within Bitbucket, focusing on the data pipeline, active…
Account Creation in Linux Linux operating system can usually have two types of account “Root” and “User” account. There are two usually two ways to manipulate the Accounts to maintain the persistence access to the machine : User Account Creation If we (attacker) has compromised the host and want to maintain the persistence access by…
Android shims are small libraries that act as compatibility layers between different versions of the Android operating system. They allow developers to call newer Android APIs on older platform versions that don’t natively support those APIs. Shims provide backward compatibility by implementing newer APIs on top of older platform functionality. This enables apps built with…