Posted in: Docker Penetration Testing

A Complete Guide to Installing Docker on Kali Linux

Docker is a popular containerization platform used for deploying and running applications in a portable and efficient manner. In this article, we will guide you through the process of installing Docker on Kali Linux, a popular operating system used for penetration testing and ethical hacking. Docker is a powerful tool for containerization, enabling developers to […]

Posted in: Red Team

Red Team Tools

List of tools used by Red Teams Reconnaissance Tool Description Website AWSBucketDump S3 bucket enumeration GitHarvester GitHub credential searcher spoofcheck SPF/DMARC record checker dnsrecon Enumerate DNS records jsendpoints Extract page DOM links Resource Development Tool msfvenom Chimera Initial Access Tool Description Website EvilGoPhish Phishing campaign framework SquarePhish OAuth/QR code phishing framework Bash Bunny USB attack […]

Posted in: Active Directory, All

Kerberoasting with CrackMapExec: A Comprehensive Guide

Kerberoasting is a type of attack that exploits the way Microsoft Active Directory handles service accounts. In this article, we will explore how to perform Kerberoasting with CrackMapExec, a powerful penetration testing tool. We will cover the basics of Kerberos authentication, how Kerberoasting works, and how to use CrackMapExec to extract Kerberos tickets and crack […]

Posted in: Active Directory, Infrastructure

Kerberos Penetration Testing Fundamentals

Today I will write about Kerberos Penetration Testing, which Active Directory uses to manage authentication inside the corporate environments. First a brief explanation about how Kerberos works and what we should know before try to hack Kerberos. How does Kerberos work? Kerberos Components TGT – Ticket Granting Ticket SPN – Service Principals Names are associated […]

Posted in: Network Penetration Testing

SSH Penetration Testing Fundamentals

Welcome, today I am writing about SSH Penetration Testing fundamentals describing port 22 vulnerabilities. SSH security is one of the topics we all need to understand, remote access services can be an entry point for malicious actors when configured improperly. Understand SSH Protocol Understanding how SSH works are out of scope, here I assume you […]

Posted in: Infrastructure, All

Infrastructure Penetration Testing: A Comprehensive Guide

Infrastructure Penetration Testing is a critical aspect of any organization’s security strategy. In this article, we will cover everything you need to know about Infrastructure Penetration Testing, including the different types of attacks and technologies used, as well as best practices for conducting a successful penetration test. Today I am writing about Infrastructure Penetration Testing […]

Posted in: Active Directory

Understanding the Active Directory Pass the Hash Attack

The Active Directory Pass the Hash (PtH) attack is a type of credential theft attack that allows an attacker to bypass authentication measures and gain unauthorized access to systems. In this attack, the attacker steals the hash of a user’s login credentials from one system and uses it to authenticate to another system without the […]

Posted in: CrackMapExec, Penetration Testing Tools

CrackMapExec SMB: Hacking Samba service

Mapping/Enumeration Credential Gathering Dumping SAM database Dumping LSA Database Dumping NTDS – DRSUAPI Dumping NTDS – VSS Spidering Hacking Authentication brute force passwords Pass the Hash Password Spraying Managing Files Remote Command Execution Powershell Obfuscation Reverse Shells CrackMapExec Samba Modules

Posted in: Active Directory

Active Directory Password Cracking with HashCat

Learn how to crack Active Directory Passwords using Hashcat Crack LM Hashs LM hash is used by Microsoft LAN manager used on old versions, which is totally insecure. We can crack LM with hashcat using: How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases […]

Back to Top