A Strange Case of Trusts, Machine Accounts and DNS

Posted on Fri 01 May 2020 in Active Directory • Tagged with active directory, infrastructure, windows, cross domain

Looking at the impact of creating machine accounts across domain trusts


Continue reading

Crossing Trusts 4 Delegation

Posted on Sat 04 April 2020 in Active Directory • Tagged with active directory, infrastructure, windows, delegation, cross domain

A brief introduction on cross domain resource-based constrained delegation


Continue reading

Delegate 2 Thyself

Posted on Tue 17 March 2020 in Active Directory • Tagged with active directory, infrastructure, windows, delegation

A small demonstration of the ability and usefulness of delegating to yourself.


Continue reading

Abusing Users Configured with Unconstrained Delegation

Posted on Sun 15 March 2020 in Active Directory • Tagged with active directory, infrastructure, windows, delegation

Abusing a user configured for unconstrained delegation


Continue reading

Active Directory Reconnaissence - Part 1

Posted on Wed 12 February 2020 in Active Directory • Tagged with active directory, reconnaissence, infrastructure, windows

Some basic reconnaissence of active directory while unauthenticated


Continue reading

Android Basics

Posted on Sun 16 August 2015 in Mobile Hacking • Tagged with android, mobile, reverse engineering

The very basics of Android application analysis


Continue reading

Authenticated Stored XSS in TangoCMS

Posted on Thu 19 March 2015 in Web Hacking • Tagged with web, xss

Demonstrating to possibilities of exploiting an authenticated stored XSS vulnerability


Continue reading

CSRF In BigTree CMS

Posted on Sun 08 March 2015 in Web Hacking • Tagged with web, csrf, responsible disclosure

A cross site request forgery vulnerability that existed in BigTree CMS version <= 1.4.5


Continue reading

Hacking FoeCMS

Posted on Sun 08 March 2015 in Web Hacking • Tagged with web, sql injection, xss, smtp injection, insecure authentication, remote code exection

A hacking session against the open source FoeCMS where a number of vulnerabilities were found


Continue reading

A Web Hack

Posted on Sun 08 February 2015 in Web Hacking • Tagged with web, sql injection, password cracking, file upload, path disclosure, xss, python

Hacking an old version of BigTree CMS as a Pentester Academy challenge VM


Continue reading