Keeping Cyber Security Simple
In this tutorial, I will cover one of my favourite Privilege Escalation techniques “Kerberoasting”. I will not only show you how to perform a kerberoasting attack but also how you can mitigate and start to detect Keroasting in your environment. If you would like to follow along with this tutorial make sure you have your Active Directory LAB all set up, If not Check out my tutorial here. Also, make sure you have a…
What is an Unquoted Service Path? Unquoted Service path is a Privilege escalation technique which allows you to escalate your privileges from a standard unprivileged user to an administrator or NT System account. If the service is created, the path for the executable contains spaces and the whole path is not enclosed within quotes you have an unquoted service path. An Unquoted Service Path works by exploiting the way the Windows operating system looks…
At some point in your IT career, you are going to need to build yourself an Active Directory home lab. This tutorial covers segmenting your lab from the rest of your home network, Installing Windows Server 2019, Installing Active Directory, and then joining a Windows 10 workstation to a domain. Other than the physical hardware costs of running your own lab, Microsoft basically allows you to set all this up for free using their…
This tutorial covers the first three steps to secure any Linux server. Be it a VPS, Linux Virtual Machine, or a raspberry pi. These steps will work for any Debian-based Linux distribution, However, other Linux distributions should use similar commands. The three steps in this tutorial should be the bare minimum you need to secure a Linux server. This is in no way a complete server hardening guide. Researching for this tutorial, I noticed…
Token Impersonation is a way of impersonating a user access token, allowing you to effectively take over the user without even needing to know the user’s password. Subsequently, attackers are currently using this in the wild as a way to escalate privileges and move laterally across the network. However, without proper mitigation in place, it is relatively easy to perform. The one caveat is that a token impersonation attack is a post-exploitation attack. This…
In this Tutorial, I cover the Installation and deployment of Microsoft LAPS on a Windows Domain. Giving you an Illustrated step by step guide through the whole process. LAPS stands for Local Administrator Password Solution and provides management of Local administrator passwords of any domain joined Windows Client. Once installed, the Local Administrator password becomes stored centrally in Active Directory. In-turn, only allowing domain admins or specified users to read or reset these local…
In this tutorial i am going to cover basic enumeration of a Windows PC. Let me first set the scene, you have just got a shell on a Windows domain joined PC as an unprivileged domain user. You’re first steps should be to enumerate as much information off this initial PC as possible, giving you an understanding of what other users and devices can be found on the rest of the network. This additionally…
In this tutorial i am going to be doing something a bit different then my normal tutorials and create a walk-through for the crack the hash challenge from tryhackme.com I recently purchased a new NVIDIA Graphics card for my Lab PC, nothing to special just a 1050 TI to try and crack hashes a little faster then my poor laptop could handle. So i thought i would take the opportunity to level up on…
In this tutorial, I am going to give you a quick overview on how to generate a Metasploit payload with Msfvenom. Msfvenom allows you to quickly generate custom Metasploit payloads on the fly straight from the terminal. To follow along with this tutorial you are going to need to have a copy of Metasploit installed. Metasploit is already installed by default in Kali Linux; if you haven’t got kali setup yet check out my…
This Banner based Vulnerability is a common Exchange Server misconfiguration I see on PCI Compliance scans all the time. Try googling for this error and you just get a few forum pages telling you how to fix the issue; However, never explaining why this vulnerability happens in the first place. Also, check out my HTTP Header Internal IP Disclosure tutorial. If you find this vulnerability also on your PCI Compliance Report. Banner Based Vulnerabilities…
