Once you have compromised a machine in an Active Directory environment, the next thing you do is post-exploitation network recon. PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool to gain Active Directory network situational awareness on Windows domains. It is now a part of PowerSploit suite. You can download PowerView from here. Learn […]
Active Directory Network Recon using PowerView
Purple AD – Active Directory Lab Environment
Playing around with an Active Directory environment is fun. Whether we do it as sysadmin or security researcher, we need a lab environment to work with. The following video provides an overview of the AD lab I have built using my computer systems. I will be using this lab in further Purple AD posts to […]
Web App Pentesting using BodgeIt Store (Part 1)
This video shows how to set up the lab environment for this YCSC Let’s Learn series. It covers installing Docker on Kali Linux 2019.4, pulling and running the BodgeIt Store docker image from Docker Hub. A virtual image of Kali Linux could be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ What is BodgeIt Store? A vulnerable web application aimed at […]
Mona.py for exploit devs: 6 must know commands
When it comes to exploit development for Microsoft Windows, Mona.py is the go to library for most security researchers. In this post I list six commands that I use often. Watch the video for demonstration. What is Mona.py? A pycommand for Immunity Debugger, designed and developed to aid the exploit development process Automates various tasks […]
Understand and restrict admin access in your organization
In today’s time, providing users with unjustified administrator access on their work systems, could lead to significant business loss. A careless user may download a benign looking file and the next moment you may find yourself battling an organization wide ransomware attack. Here’s a quick guide for small business owners on how to tame this […]
SLAE: Assignment #5.3
Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: Contents of file /etc/issue: Testing shellcode with run_shellcode.c Let’s analyze the shellcode with gdb: Placed a breakpoint at code […]
SLAE: Assignment #5.2
Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: /etc/passwd file before executing the shellcode: Testing shellcode with run_shellcode.c Let’s analyze the shellcode with gdb: Placed a breakpoint […]
SLAE: Assignment #5.1
Assignment Task: Take up at least 3 shellcode samples created using msfvenom for linux/x86 Use GDB/Ndisasm/Libemu to dissect the functionality of the shellcode Present your analysis Shellcode chosen: Shellcode options: Command to generate shellcode: Generated shellcode: File permission before exectuing the shellcode: Testing shellcode with run_shellcode.c Chmod system call details: The chmod system call takes […]
SLAE: Assignment #4
Assignment Task: Create a custom encoding scheme, similar to “Insertion Encoder” PoC with using execve-stack as the shellcode to encode with schema and execute The encoding scheme chosen for this assigmnet is AddWelve encoding scheme. It is a variant of caesar cipher in which the byte is shifted forward 12 bytes. The algorithm is as […]
SLAE: Assignment #3
Assignment Task: Study about the Egg Hunter shellcode Create a working demo of the Egghunter Should be configurable for different payloads About Egg Hunters Egg Hunter is a mechanism to locate a piece of code in an application’s Virtual Address Space (VAS). This technique is primarily used in exploits where the accessible buffer space is […]
- « Previous Page
- 1
- 2
- 3
- 4
- …
- 8
- Next Page »
