Many organisations “lock-down” their desktop environments to reduce the impact that malicious staff members and compromised accounts can have on the overall domain security. Many desktop restrictions can slow down a threat actor but it’s often possible to “break-out” of the restricted environment. Both assessing and securing these desktop environments can be ...
I posted earlier about Privilege Escalation through Unquoted Service Paths and how it’s now rare to be able to exploit this in the real world due to the protected nature of the C:\Program Files and C:\Windows directories. It’s still possible to exploit this vulnerability, but only when the service executable is installed outside of these protect ...
I posted recently about calculating subnets and CIDR notation quickly, but I didn’t mention in that post host to quickly get the Network ID, first host and Broadcast address for a subnet given an awkward address. This is another easy trick that covers that! If it’s a simple, classful, address then ...
One method for escalating permission from Local/Domain User to Local Administrator, is “Unquoted Service paths”. In my experience finding unquoted service paths is a common occurrence, however actually being able to exploit them is not. In this article we’ll explore how to find these issues and how to quickly determine ...
Whilst Hashcat is often provable faster than John the Ripper, John is still my favourite. I find it simple to use, fast and the jumbo community patch (which I recommend highly) comes packed with hash types making it a versatile tool. One of the features of these tools, which is often unknown or at ...
I’ve written a few articles recently about methods of escalating privileges on Windows machines, such as through DLL Hijacking and Unquoted Service Paths, so here I’m continuing the series with Privilege Escalation through Insecure Service configurations. This one’s pretty simple issue really, generally speaking it’s simply a matter of altering ...
Same-Origin Policy (SOP) is a critical part of the security implemented within a web browser. It’s the part of your browser’s security system that prevents malicious pages from reading confidential information from other sites. So thepiratebay.com can’t read data from barclays.com because it’s blocked by SOP. The way that it ...
Transport Layer Security (TLS), and its deprecated predecessor Secure Sockets Layer (SSL), are protocols that can be used to protect information in transit – and are the underlying protocols used by HTTPS to protect web traffic. They are designed to prevent a threat actor who is able to intercept messages from being ...
In my experience Insecure Direct Object Reference is one of the least well known vulnerabilities out there, but it’s a very simply issue to explain. It’s a vulnerability that generally leads to loss of confidential data but can result in the less of modification of data too. Consider a URL ...
Play | Cover | Release Label |
Track Title Track Authors |
---|