Tool: SSSD Extract

Tool Link: https://github.com/z-r0crypt/SSSD-extract Using this tool it is possible to extract Active Directory account hashes when credential caching is enabled in SSSD. It also fetches any user and group accounts cached in the SSSD database, which could be useful in post-exploitation activities. zsh sssd-extract.sh [$FolderPath] Without input arguments it takes the SSSD default path “/var/lib/sss/db/”, but you can use a different one. If tdbdump is not installed it just lists the ldb files which contain the hashes; you can install it with apt install tdb-tools or exfiltrate these files: More →

HTB Machines for OSEP Preparation

List of HTB (Hack The Box) machines to prepare for the OSEP exam (PEN-300) by Offensive Security

More →

Dangerous PHP Functions

Command Execution: exec - Returns the last line of the command's output; passthru - Passes the command's output directly to the browser; system - Passes the command's output directly to the browser and returns the last line; shell_exec - Returns the command's output; `` (backticks) - Same as shell_exec(); popen - Opens a read or write pipe to the process of a command; proc_open - Similar to popen() but with a greater degree of control; pcntl_exec - Executes a program. PHP Code Execution: Apart from eval there are other ways to execute PHP code: include/require can be used for remote code execution in the form of Local File Include and Remote File Include vulnerabilities. More →

Cryptography I - Week 2 - part 2

Using Block Ciphers Modes of operation: One time key Security for one time key ECB (Electronic Code Book) - One time key Deterministic counter mode from a PRF F (e.g. AES) - One time key Modes of operation: Many time key CBC (Cipher Block Chaining with a random IV) - Many time key (CPA security) IV (Initialization Vector) IV-based encryption Nonce-based encryption Padding Randomised Counter-mode (CTR) (superior to CBC) Comparison: CTR vs CBC Using Block Ciphers Modes of operation: One time key Goal: Build a secure encryption from a secure PRP More →

Cryptography I - Week 2 - Part 1

Block Ciphers Pseudo Random Function (PRF) Pseudo Random Permutation (PRP) Secure PRF PRF => PRG Data Encryption Standard DES: Core Idea - Feistel Network DES is a 16 round Feistel network The Function F(k_i, x) S-boxes Exhaustive search on DES Strengthening DES against exhaustive search Method 1: Triple DES Method 2: DESX Attacks on the implementation of block ciphers Side channel attacks Fault attacks Conclusion on implementation attacks Attacks on block ciphers Linear and differential attacks Quantum attacks Advanced Encryption Standard (AES) Block Cipher History Design How to use AES Attacks on AES Building Block Ciphers from PRGs Notes and Review Block Ciphers A block cipher maps n bits of input to n bits of output. More →

OSWE/AWAE Preparation

This post contains all trainings and tutorials that could be useful for Offensive Security's OSWE (WEB-300) certification. I will be updating the post during my lab time and preparation for the exam.

More →

Microcorruption CTF - Tutorial

Introduction In this post I will share my learnings and the research work done during the Microcorruption CTF challenge. What is Microcorruption? It’s an embedded security CTF challenge where you are given a debugger and a device (a smart lock); you are given different levels of challenges to unlock the device, find flags, find code vulnerabilities, memory corruption bugs etc. You’ll use the debugger to reverse-engineer the code for each level. More →

Cryptography I - Stanford University - Week 1

Week 1. This week’s topic is an overview of what cryptography is about as well as our first example ciphers. You will learn about pseudo-randomness and how to use it for encryption. We will also look at a few basic definitions of secure encryption. History Discrete Probability Birthday paradox Stream Ciphers Information theoretic security Stream Ciphers PRG Attacks on OTP / stream ciphers Modern broken stream ciphers Better modern stream cipher Let’s do some Salsa! More →

Introduction

Welcome! On this site I will be sharing the learnings and experiences I gained during a pentest, a CTF, a wargame or any security challenge, basically everything I learn or want to learn. Hoping to help someone in similar situations and get feedback from you!