Case Scenario 1. Analyzing Domain Controller Security Logs, can you confirm the date & time when the kerberoasting activity occurred? 2. What is the Service Name that was targeted? 3.It is really important to identify the Workstation from which this activity occurred. What is the IP […]
In this post, I would like to share some walkthroughs on the Sherlock Challenges such as LockPick2.0 which can be considered a Hard Difficulty Case Study for LockPick2.0 Challenge Firstly, we need to extract the zip file of lockpick2.0 which provide us with a few files The screenshot above […]
There is no excerpt because this is a protected post.
In this post, I would like to share a walkthrough of the Inject Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Inject machine? For the user flag, you will need to execute […]
There is no excerpt because this is a protected post.
In this post, i would like to share a method that i have learned while playing with Bagel Machine. The vulnerability attack that i mentioned here is by using dotnet FSI. The full writeup on the Bagel Machine can be found here Dotnet FSI attack. For […]
Dompdf Vulnerability For those who are not familiar with Dompdf, Synk has released a few vulnerabilities that are related to Dompdf over here. Based on the description here, the vulnerability that we can use has been assigned to CVE-2022-28368. The vulnerability has an option in Dompdf […]
What are AMSI and AppLocker bypasses? This is a Windows Machine that might have some security features that might be preventing the reverse shell from running on the machine itself. We can assume that AppLocker is in use inside the machine which also leads to AMSI […]
In this post, I would like to share a weakness of ModSecurity that has been used within the Sekhmet Machine. The full writeup on the Sekhmet machine can be found here What is ModSecurity? For those who are not familiar with ModSecurity(ModSec), it’s an open-source Web […]
In this post, I would like to share how to escape the docker environment to obtain Root Privileges Access on the machine itself. However, I did manage to get Root Privileges Access by taking a different route which you can read here How will we escape […]