Month: November 2021
-
Kerberoasting
Crack the Kerberos service ticket to obtain the clear text password for the service account. The service ticket is encrypted using the SPN’s password hash.
-
Interview Questions
Practicing responses to common interview questions helps build confidence, enabling you to respond effectively even in high-pressure situations. This preparation ensures that you can articulate your thoughts clearly, providing evidence of your abilities and making a strong case for why you are the ideal candidate for the job.
-
Pass-the-Hash
Pass the hash allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LanMan hash of a user’s password, instead of requiring the associated plaintext password as is normally the case. It replaces the need for stealing the plaintext password with merely stealing the hash and using that to authenticate with.
-
Protected: MITRE ATT&CK Framework
There is no excerpt because this is a protected post.
-
Unix Insecure file permissions
Privilege escalation techniques on Unix. Exploit insecure file permissions on services that run as root or service accounts with more privileges.
-
Windows Unquoted Service Path
Privilege escalation techniques on Windows.
-
Windows Insecure file permissions
Privilege escalation techniques on Windows. Exploit insecure file permissions on services that run as NT Authority\SYSTEM.
-
User Account Control (UAC) Bypass
Privilege escalation techniques on Windows by bypassing User Account Control (UAC).