Root ♊

684 Followers

2 days ago

Pentesting with Secure LDAP and LDAP Channel Binding

It’s not often that I encounter secure LDAP in use, but in this post I am covering initial access and privilege escalation methodologies, since some offensive pentesting packages will be broken in this scenario and it’s extremely important to have a number of methods and toolkits to successfully…

6 min read


Nov 11

Notes: Manual Exploitation of Atlassian Confluence

Note: This process preserves existing admin accounts. Verify Version 2. Insert the following into the URL to do a reset on an administrator account: server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=false

2 min read


Aug 24

Azure AD Security Defaults/MFA Bypass with Graph API

If you are an Azure AD free customer you should at least know of the setting called security defaults. Security defaults are for Azure AD Free customers that are not on a P1 or P2 licensing model. If you want to read more about security defaults you can do so…

4 min read


Jul 16

Hacking Active Directory with Sliver C2

This box (Access) is well known (or at least should be) in OffSec Proving Grounds. I decided to revisit this Active Directory box as a refresher for the OSCP exam as it contains multiple lateral movement paths. What I am disclosing isn’t new. …

11 min read


Jul 12

Microsoft Entra Resources

This is really just a placeholder for me and future research, but in the meantime enjoy. Just a quick run down of Microsoft resources from all the announcements today:

Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID |… Microsoft Entra is unifying identity and network access with a new Security Service Edge solution and more identity… (www.microsoft.com)

Azure AD is Becoming Microsoft Entra ID: Today we announced significant milestones for identity and network access, including the news that Microsoft Azure… (techcommunity.microsoft.com)

1 min read


May 10

Updated: Bypassing Microsoft Token Protection

So very recently I wanted to look at token protection mechanisms that Microsoft recently put into preview. You can find documentation on how to build conditional access policies below:

Token protection in Azure AD Conditional Access - Microsoft Entra: Token protection (sometimes referred to as token binding in the industry) attempts to reduce attacks using token theft… (learn.microsoft.com)

So a few things to take note of and expected limitations at the time of this writing.

5 min read


Feb 23

Offensive/Defensive Measures for Azure IPv6 support

Microsoft recently announced it would be officially supporting IPv6 for Azure AD services starting at the end of March 2023. …

6 min read


Jan 1

Abusing SeBackupPrivilege

Want to natively abuse SeBackupPrivilege to a domain controller and backup ntds.dit and extract hashes offline? (using Kali) Here are my notes: Modify the contents of /etc/samba/smb.conf to the following:

    [Global]
    interfaces = tun0 (modify to vpn adapter only if needed)
    [smb]
    comment = Samba
    path = /tmp/
    guest ok = yes
    read only…

2 min read


Oct 14, 2022

HTB: Scrambled Walkthrough

I really enjoyed working on this Active Directory box, as hacking an AD environment with NTLM authentication turned off gives a unique perspective of learning how to troubleshoot native default tools on Kali Linux. It also gets you more comfortable with impacket usage and how to query LDAP with certificates…

9 min read


Sep 24, 2022

Tryhackme:Vulnnet Walkthrough

TryHackMe | VulnNet: Endgame - Hack your way into this simulated vulnerable infrastructure. No puzzles. Enumeration is the key. (tryhackme.com)

This is a small hacking adventure into Vulnnet. I may have gotten more than I bargained for when I chose to hack this box because there were parts of this box I got stuck on and had to take a small hint to carry on. …

12 min read

It's 2016 and all I found was Toilets running Telnet...using shodan
