Access control is a critical component of network security because it prevents unauthorised access to important resources. Microsoft’s Active Directory (AD), a popular directory service, offers a comprehensive set of tools for managing access rights and permissions. Resource-Based Constrained Delegation (RBCD), which provides improved control over user delegation and access inside an AD environment, is one of these features. We ...
what is delegation? In Active Directory (AD), delegation refers to the process of granting specific permissions to users or groups so that they can perform certain administrative tasks within the AD environment without having full administrative privileges. This allows organizations to distribute administrative tasks across different individuals or teams, reducing the burden on central administrators and providing more granular control ...
Welcome, fellow digital explorers! Today, we’re diving headfirst into the fascinating world of Kerberos authentication—a bit like unlocking the secrets of a mythical three-headed dog guarding our digital gates. You see, Kerberos isn’t just your run-of-the-mill network protocol; it’s more like your tech-savvy best friend, ensuring only the right folks get access to the good stuff in our online playground. ...
Table of Contents OverviewImproper Credential UsageInsecure Authentication/AuthorizationTesting for Insecure AuthenticationFurther References Overview In this blog post, we’ll be taking a deep dive into the OWASP (Open Web Application Security Project) Mobile Top 10 – a crucial list of the most pressing security risks facing mobile applications today. By understanding these vulnerabilities, we can better prioritize our security efforts and ensure ...
SSRF stands for Server Side Request Forgery. It is a type of web application vulnerability that allows an attacker to send a crafted request from the vulnerable server to other internal or external systems. It’s a server side attack that leads to sensitive information disclosure from the back-end server of the application. SSRF attacks can result in the disclosure of ...
Web3: A New Era of Decentralized Communication Web3 is not just about decentralizing finance or data storage; it also has the potential to revolutionize communication. With Web3, we can move away from the centralized communication platforms of the past and towards a decentralized, peer-to-peer communication system that gives users more control over their data and privacy. In this article, we’ll ...
Hello Hackers, In this blog post I am discussing with you about creating WiFi jammer and fake APs (Access Point) with ESP8266 (NodeMCU). Disclaimer: This is only for educational purpose. Don’t try this on someone’s property without authorization. Table of Contents What We Discuss TodayGetting StartedWhat is ESP8266?Setup EnvironmentFlashing : ESP8266 Turn As WeaponCreating WiFi Jammer and Fake AP What ...
What is WifiPineapple The Wifipineapple is a wifi auditing platform by Hack5 that offers extensive features for defensive and offensive wifi security applications through a slick interface that you can access from any web browesers. You can easily manage your wifipineapple and use it connect wireless engagements to gather passive on a target network or even execute man-in-the-middle style attack. ...
Hi hackersLet’s start Let’s begin in nmap, as we always do. Rcon nmap shows two open ports, http (TCP 80) and ssh (TCP 22): I can’t find anything on the page, so I decide to read the page source code and find the new page in source code image.late.htb add etc/hosts 10.10.11.156 images.late.htb as discovered by SSTI injection vulnerability Referncehttps://ajinabraham.com/blog/server-side-template-injection-in-tornadohttps://github.com/carlospolop/hacktricks/blob/master/pentesting-web/ssti-server-side-template-injection/README.mdhttps://medium.com/@nyomanpradipta120/ssti-in-flask-jinja2-20b068fdaeee ...
Hello hackers Windows is used by this computer. Because I have little familiarity with Windows boxes and spend the majority of my practise time on the Linux command line, I found this machine to be challenging (but worthwhile). But this box is ideal if you want to learn something interesting about Windows. Let’s get started #Recon: We first start with ...