-
Back 2 Basics: /dev/tcp
Yesterday, on October 14th, 2023. I was a visiting speaker at a college. In post discussions with a lot of students, I asked something very interesting which came to my mind at that moment. What if you didn’t have nmap, ncat, netcat, telnet in a machine; how would you enumerate a port looking for lateral…
-
Kerberos Part 1: How it Works
Today we start with a new series of blog posts, namely, active directory components. In this three part series on Kerberos, we’ll be talking about it’s three heads: Part 1: What Kerberos is and how it works? Part 2: The notorious techniques of kerberoasting and ticketing attacks (golden and silver tickets) Part 3: Attempting to…
-
OAuth 2.0 – Part Three
Hello everyone, in this final installation of the OAuth blog series, we’ll be covering two vulnerabilities in the OAuth implementation. If you haven’t checked out the previous parts you can check out part one here and part two here. Before we get started, a big thanks to PortSwigger and their Web Security Academy Labs! The…
-
Zero-Trust 101
Zero-Trust is an up and coming security concept which says a simple thing: “Continuously validate all users, against set security configurations, before they are being granted permissions or are allowed to keep their existing access to resources & information”. This architecture assumes there is no implicit trust granted to assets or user accounts based solely…
-
OAuth 2.0 – Part two
Continuing our previous post, where we discussed the basics of how OAuth 2.0 authentication worked, some known issues which arise due to either lack of understanding of the framework itself, or poor configuration of the same. In this blog, we’ll talk a little bit in detail of the vulnerabilities we had previously discussed. Vulnerabilities in…
-
OAuth 2.0 – Part one
At least once till date, you must’ve come across sites that let you log in using your social media account [Facebook, LinkedIn, Google & various such platforms] The chances are that this feature is built using the well known OAuth 2.0 framework. This framework is liked by Pentesters because it is; Extremely common. Vulnerable due…
-
PowerShell History File
Hello everyone, we are all aware about Linux systems, its .bash_history and how it provides information about file locations, passwords passed in command arguments, a variety of scripts and so on. But did you know, something similar to it now also exists in PowerShell? That’s precisely what I will be sharing about in today’s blog…
-
Too Sticky for a Note
Hello everyone, A little over a week ago, we discussed about how we can leverage the saved state of deleted file left in the recycle bin and grab it for content in a data exfiltration scenario. You can read more about it here. Today, I want to share with you yet another data exfiltration possibility. It…
-
“Bin” There, Exfilled That
Hello everyone. Today, I want to share with you another data exfiltration possibility. The last time, we discussed about how we can leverage the saved state of “temporary” files created by modern day editors, you can read about it here, if you haven’t already, do check it out! Just last night, I was going through…
-
Peeking Under the Hood of Modern Day Editors
Hello everyone, it’s been a while since my last post, almost a year actually. I got caught up with some real world stuff like working, studying and it did not leave me with much time to write blogs. So without further ado, let us get into this one. So it all began while discussing red…
-
Subscribe
Subscribed
Already have a WordPress.com account? Log in now.
acc3ssp0int 