I began this engagement by conducting an Nmap scan to identify open ports on the target. The results revealed several ports in use, including ports 88 (Kerberos), 135 (RPC), 389 (LDAP), and 445 (SMB), which strongly suggested the target was a Windows Domain Controller. Focusing on port 445, I started enumerating Read more
Hackers often seek to steal a variety of personal and sensitive information for malicious purposes such as identity theft, financial fraud, or unauthorized access. Here’s a list of key pieces of information hackers typically target:
In the world of cybersecurity, penetration testers are constantly probing and testing networks to identify vulnerabilities before they can be exploited maliciously. Among the plethora of tools at their disposal, EyeWitness emerges as a powerful ally, enabling testers to visualize the interfaces of web servers, making it easier to identify Read more
I came across a cool Firefox extension in the Practical Bug Bounty course by TCM Security. This extension is called Firefox Multi-Account Containers by Mozilla Firefox. This extension will enable you to have separate Firefox browser sessions in one web browser. This can come in handy for penetration testing or Read more
nd threats within an application, system, or network. It involves systematically analyzing the architecture, components, and data flows to understand how attackers might exploit weaknesses. Threat Modeling in Penetration Testing 1. Scope Definition: 2. Gather Information: 3. Identify Assets and Data Flows: 4. Decompose the System: 5. Identify Threats: 6. Read more
Kerberoasting is a popular attack technique used by cybercriminals to exploit the Kerberos protocol in Windows Active Directory environments. This blog post will discuss the inception of kerberosting, its impact on Active Directory environments, and the steps penetration testers take to use this technique in their assessments. We’ll delve into Read more
DOM-based cross-site scripting (XSS) is a type of web vulnerability that allows an attacker to inject malicious code into a web page. The code is then executed by the browser, allowing the attacker to steal sensitive information, modify the content of the page, or redirect the user to a malicious Read more
This week I am working on the Windows Events room by Tryhackme. Per Wikipedia, “Event logs record events taking place in the execution of a system to provide an audit trail that can be used to understand the activity of the system and to diagnose problems. They are essential to Read more
“Burp Suite is a framework of web application pentesting tools, it is widely regarded as the de facto tool to use when performing web app testing.” Source: https://tryhackme.com/room/rpburpsuite I am using the “Burp Suite” room from TryHackme to build this resource. Burp Suite is pre-installed on Kali Linux, if you’ll Read more
https://tryhackme.com/path/outline/presecurity TryHackMe.com has an awesome new Learning Path that can take you from curious to ready-to-learn specialized cybersecurity content. The Pre Security learning path will easily make you familiar with the basics including Network Fundamentals, How the Web Works, Linux Fundaments, and Windows Fundamentals! The combination of networking, web, and Read more