Git is a Version Control System used to track and monitor modifications made in files/folders during application development. Git works by helping developers easily ‘commit’ changes to a source code during development or testing and that then gets ‘pushed’ onto the live application. …

In this blog, we’ll be looking at the USB Rubber Ducky or the BadUSB. We’ll start by an introduction to BadUSBs, what makes USBs “Bad” and then we’ll look at creating our own BadUSB. What is a USB Rubber Ducky (or BadUSB)? USB Rubber Ducky (famously seen in the Mr. Robot TV series) is not a traditional USB…

In this blog, we’ll discuss how service paths can be abused to escalate privileges in Windows systems. As usual, we’ll look at the theoretical aspects of this abuse, and then we’ll have a practical walkthrough of the abuse. In the MITRE ATT&CK Framework, Privilege Escalation is listed as an Enterprise…

In this blog, we will have an in-depth look at BloodHound. We will start by discussing what BloodHound is, how to install and configure it, and finally what can a potential attacker achieve with BloodHound. What is BloodHound? BloodHound is a JavaScript based web application that is compiled with Electron and uses Neo4j…

In this blog, we will be discussing the basics of exploit development by exploiting a stack overflow vulnerability in a simple application. We will look at a simple memory structure, program execution in memory, causes of buffer overflow and then finally, as always, a practical demonstration of the attack. What is Buffer Overflow? Buffer…

In this blog, we will be focusing on abusing the Replication of Directory Services feature of an Active Directory environment. As always, we will first discuss the Directory Services Replication feature of Active Directory and then we will walkthrough both the theoretical and practical aspects of the abuse. DCSync Attack…

This attack targets the Kerberos Authentication Protocol in an Active Directory environment, and attempts to retrieve the service accounts’ passwords or tickets that can then be cracked offline to reveal cleartext credentials. Kerberoasting has been listed in the MITRE ATT&CK framework as an Enterprise Attack Vector, bearing the ID T1208. …

This attack demonstrates how an attacker can abuse some AD misconfigurations and rights of the DNS Admins group in a Windows environment and can successfully own the Domain Admins, Enterprise Admins or the Domain Controller depending upon where the DNS service is actually configured and running from. By default, Domain…

With the exponential rise in cyber-attacks, and the attackers using defense evading tools and frameworks; it has become important to know the tricks and techniques of the cyber offenders and the arsenal that attackers may use to exfiltrate data from, or penetrate into, a compromised system. We’ll be looking into…