I began this engagement by conducting an Nmap scan to identify open ports on the target. The results revealed several ports in use, including ports 88 (Kerberos), 135 (RPC), 389 (LDAP), and 445 (SMB), which strongly suggested the target was Read more
Hackers often seek to steal a variety of personal and sensitive information for malicious purposes such as identity theft, financial fraud, or unauthorized access. Here’s a list of key pieces of information hackers typically target:
Cybersecurity can often feel overwhelming, especially for those without a technical background. However, the Center for Internet Security (CIS) has created a set of guidelines known as the CIS Critical Security Controls (CIS Controls) to help organizations of all sizes Read more
In the world of cybersecurity, penetration testers are constantly probing and testing networks to identify vulnerabilities before they can be exploited maliciously. Among the plethora of tools at their disposal, EyeWitness emerges as a powerful ally, enabling testers to visualize Read more
I came across a cool Firefox extension in the Practical Bug Bounty course by TCM Security. This extension is called Firefox Multi-Account Containers by Mozilla Firefox. This extension will enable you to have separate Firefox browser sessions in one web Read more
SSL Certificates to TLS Certificates SSL (Secure Sockets Layer) certificates, now more commonly referred to as TLS (Transport Layer Security) certificates, are digital certificates that facilitate secure, encrypted communication over the internet. They play a vital role in protecting sensitive Read more
I provide live instructor-led cyber defense training. The outline of the course is detailed below. Contact me for more information or to schedule a training. I. IntroductionA. Importance of online securityB. Overview of the training topics II. Understanding the BasicsA. Read more
nd threats within an application, system, or network. It involves systematically analyzing the architecture, components, and data flows to understand how attackers might exploit weaknesses. Threat Modeling in Penetration Testing 1. Scope Definition: 2. Gather Information: 3. Identify Assets and Read more
Eternal Blue, a powerful hacking tool developed by the National Security Agency (NSA), has made headlines over the past few years for its involvement in some of the most destructive cyber attacks in history. The leaking of this sophisticated cyber Read more
Kerberoasting is a popular attack technique used by cybercriminals to exploit the Kerberos protocol in Windows Active Directory environments. This blog post will discuss the inception of kerberosting, its impact on Active Directory environments, and the steps penetration testers take Read more