Walkthrough of Breaching Active Directory on TryHackMe coving topics of Rough LDAP Servers to capture Credentials, Authentication Relays using Responder and Recovering image passwords within PXE Boot Images from Microsoft Deployment Toolkit.
Using remote command execution on vulnerable Java Spring framework which affect a component of framework called “Spring Cloud Functions”. The secondary portion of vulerability affects “Spring Core” which leans on the (Log4Shell) and is named “Spring4Shell”.
Pivoted through a network and compromising a public facing web machine and proceeding to tunnel traffic to access other machines in Wreath’s network. Focus on full scope penetration test incorporating the Empire C2 Framework.
Using Suricata and Zeek data within BRIM to analyze a suspected malware compromise to a device on the network with no initial information to go off. Discovering the compromised machine along with the attacker’s devices within data streams. Deep dive into packet analyses.
Stepping through understanding padding on block cipher algorithms AES, 3DES in Electronic Code Block (ECB and Cipher Block Chaining (CBC) modes. Decryption of session cookie is of a vulnerable webapps via Oracle Attack.
Continuing Cloud Pentesting the second version of flaws included tactics for engaging AWS cloud infrastructure. Identify AWS Services, Container Environment Variables and accessing Metadata Services.
Cloud pentesting using the AWS platform and flaws web series to work through insecure S3 Buckets, Authentication, Metadata Services and accessing EC2 Instances.
With CVE-2021-44228 vulerability (Log4Shell) posing a major threat to Java applications hosted on the internet with a CVSS score of 10.0 critical designation. Remote code execution can be accomplished by taking advantage of a Java Naming and Directory Interface (JNDI) within Log4j logging packages. Solar provides a test scenairo for exploitation of vulnerability.
Journey and review of accomplishing the Offensive Security Certified Professional Exam (OSCP). Documenting the ups and downs creating an attack plan and colminating in achievement.
Bypass AppLocker whitelisting and capture Kerberos tickets to escalate attack. Technical walkthrough of completing Corp Room on the TryHackMe platform.