Kerberoasting: An Offensive Playbook

Active Directory, a cornerstone of many networks, is riddled with complexities and nuances. It is these intricacies that give birth to vulnerabilities like Kerberoasting. This article aims to provide a detailed, hands-on guide to Kerberoasting for Capture The Flag (CTF) enthusiasts. Let it serve as a touchstone during your challenges. Kerberos and SPNs Kerberos A […]

Privilege Escalation Techniques

A cheat sheet to assist in efficient privilege escalation techniques across various systems. Linux Always check Scripts linPEAS GTFOBins Windows Unquoted Service Paths Scheduled Tasks and Services Weak File/Folder Permissions Stored Credentials Windows Credential Manager SAM NTDS.dit Directories Pagefile.sys and Hiberfil.sys

Heartbleed for Attacking OpenSSL

Heartbleed is a bug in the OpenSSL library that allows users to access restricted memory addresses on a server. This enables unprivileged users to reach data to which they wouldn’t usually have access. This data includes confidential information such as usernames and passwords, along with a server’s private key. Preface Let’s quickly define a few […]

HSM Crash Course

A Hardware Security Module (HSM) is a tamper-resistant, security-hardened device used to ensure the integrity of cryptographic operations. HSMs generate, protect, and manage keys used for encrypting data. They also create and preserve digital signatures and facilitate certificate management. HSMs provide a secure environment to perform cryptographic operations that are certified to meet FIPS and […]

Netcat: The Swiss Army Knife

In the toolbox of every security researcher, penetration tester, and cybersecurity enthusiast, there’s a tool that stands out due to its versatility and power: Netcat. Often dubbed the “Swiss Army Knife” of networking, Netcat offers functionalities that range from basic network diagnostics to complex penetration testing tasks. This article delves deep into Netcat, highlighting its […]

Metasploit for Penetration Testing

In the realm of cybersecurity, knowledge is power. For professionals aiming to protect systems, understanding the tools and techniques that hackers might employ is crucial. This knowledge allows them to safeguard networks, applications, and systems more effectively. Among the suite of tools available to cybersecurity professionals, Metasploit stands out as one of the most potent […]

Understanding Directory Traversal

Directory Traversal attacks, also known as path traversal attacks or dot-dot-slash attacks, pose a serious threat to the security of web applications. These attacks exploit vulnerabilities in file and directory access controls, allowing attackers to navigate outside the intended directories and potentially access sensitive information. In this comprehensive guide, we’ll delve into the intricacies of […]

Riddles and Recon: Cybersecurity

When venturing into the realm of Capture The Flag (CTF) challenges, it’s often the simpler boxes that impart valuable lessons, especially for newcomers to the world of ethical hacking and cybersecurity. In this blog post, I’ll share my journey through a relatively easy CTF box, highlighting key tactics and techniques that anyone can benefit from. […]
