This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack. The lifecycle consisted of following phases, with phases 3-6 being cyclic in nature: Recon (Information Gathering) – In this phase, publicly available information (website, company profile, social media pages, employee profiles etc.) is gathered about the target organization. Initial Compromise […]
Red Team Operations Attack Lifecycle
Book Review: Web Application Security by Andrew Hoffman
I recently came across this book, Web Application Security by Andrew Hoffman, while searching for material to read on how to secure web applications. There are many books available on this topic. I picked this one specifically because of it’s recent publication date. It was published in March 2020 (about 5 month back, at the […]
PoshC2: A Red Teamer’s Notes
This is an ongoing post containing my notes on PoshC2 usage. What is PoshC2? PoshC2 is a command and control software. It is used to carry out post-exploitation tasks such as persistence, privilege escalation, lateral movements etc. during penetration testing and red teaming exercises. It supports Python3, PowerShell (v2 and v5), C# and C++. The […]
SPN Scanning using ADSI (Part 3)
A Service Principal Name (SPN) is a unique identifier of a service instance. It is used to link an AD object (service accounts, users, computers etc.) with a service. It can be used as an alternative to a port scan in an Active Directory environment. Some common SPNs are: CIFS host HTTP https IMAP mongod […]
ADSISearcher (Part 2)
ADSISearcher is a class for searching for objects in Active Directory. It is part of .NET framework (System.DirectoryServices.DirectorySearcher) and van be accessed via PowerShell by creating object for the above class Example: $adsiSearcherObj = New-Object –TypeName System.DirectoryServices.DirectorySearcher takes the LDAP path to current domain by default Pass ADSI Directory Entry object type as ArgumentList to […]
AD Exploitation using ADSI – Part 1 (Introduction)
Active Directory Service Interfaces (ADSI) – A set of Component Object Model (COM) interfaces for managing Active Directory services. It can be utilized in several scripting and programming languages. Enables reading, adding and managing Active Directory Objects Part of .NET framework: System.DirectoryServices.DirectoryEntry (ADSI) System.DirectoryServices.DirectorySearcher (ADSISearcher) Can be accessed via PowerShell by creating objects for above […]
Active Directory User Enumeration using PowerView
PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool to gain network situational awareness on Windows domains. It is now a part of PowerSploit suite. You can download PowerView from here. As a pentester, you can leverage PowerView to find out information about domain users. Following commands will help you with that (watch the […]
Active Directory Network Recon using PowerView
Once you have compromised a machine in an Active Directory environment, the next thing you do is post-exploitation network recon. PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool to gain Active Directory network situational awareness on Windows domains. It is now a part of PowerSploit suite. You can download PowerView from here. Learn […]
Purple AD – Active Directory Lab Environment
Playing around with an Active Directory environment is fun. Whether we do it as sysadmin or security researcher, we need a lab environment to work with. The following video provides an overview of the AD lab I have built using my computer systems. I will be using this lab in further Purple AD posts to […]
Web App Pentesting using BodgeIt Store (Part 1)
This video shows how to set up the lab environment for this YCSC Let’s Learn series. It covers installing Docker on Kali Linux 2019.4, pulling and running the BodgeIt Store docker image from Docker Hub. A virtual image of Kali Linux could be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ What is BodgeIt Store? A vulnerable web application aimed at […]
- « Previous Page
- 1
- 2
- 3
- 4
- …
- 8
- Next Page »
