Shahrukh Iqbal MirzaOpen-Redirect Vulnerability in Instagram’s Mobile ApplicationIn this blog, I’ll be discussing an Open-Redirect vulnerability that I found out a few days ago in Instagram’s Android Application.4 min read·May 16, 2021--2--2
Shahrukh Iqbal MirzaYour Source Code might be Git’ing Exposed — Hacking Publicly Exposed Git RepositoriesGit is a Version Control System used to track and monitor modifications made in files/folders during application development. Git works by…4 min read·Apr 6, 2021----
Shahrukh Iqbal MirzainSystem WeaknessPwn3d In Seconds — Attack of the Rubber DuckIn this blog, we’ll be looking at the USB Rubber Ducky or the BadUSB. We’ll start by an introduction to BadUSBs, what makes USBs “Bad” and…5 min read·Apr 2, 2021--1--1
Shahrukh Iqbal MirzainSystem WeaknessWalking Along the PATHS of the AdministratorIn this blog, we’ll discuss how service paths can be abused to escalate privileges in Windows systems. As usual, we’ll look at the…6 min read·Apr 2, 2021----
Shahrukh Iqbal MirzaWho let the Dogs Out — Active Directory Domain Enumeration & Exploitation using BloodHoundIn this blog, we will have an in-depth look at BloodHound. We will start by discussing what BloodHound is, how to install and configure it…8 min read·Apr 2, 2021----
Shahrukh Iqbal MirzaHow to Exploit a Simple Stack-Based Buffer Overflow VulnerabilityIn this blog, we will be discussing the basics of exploit development by exploiting a stack overflow vulnerability in a simple application…9 min read·Apr 1, 2021----
Shahrukh Iqbal MirzaLet the Secrets “SYNC” In — The DCSync AttackIn this blog, we will be focusing on abusing the Replication of Directory Services feature of an Active Directory environment. As always…4 min read·Apr 1, 2021----
Shahrukh Iqbal MirzaRoasting the Three-headed Guard of Active Directory — KerberoastingThis attack targets the Kerberos Authentication Protocol in an Active Directory environment, and attempts to retrieve the service…8 min read·Apr 1, 2021----
Shahrukh Iqbal MirzaAbusing the Rights and Privileges of DNS Admins to Own the Domain ControllerThis attack demonstrates how an attacker can abuse some AD misconfigurations and rights of the DNS Admins group in a Windows environment…5 min read·Mar 31, 2021----
Shahrukh Iqbal MirzaATTACKING WINDOWS 10 USING MIMIKATZWith the exponential rise in cyber-attacks, and the attackers using defense evading tools and frameworks; it has become important to know…4 min read·Mar 30, 2021--1--1