Being a penetration tester makes us feel like a group of traveler. Discovering the internal world of the institution during engagement gives us the opportunity to make unexpected journeys. In this article, I will share a details of how we got an access to the heart of the company. (more…)
Imagine that you have gotten a low-priv Meterpreter session on a Windows machine. Probably you’ll run getsystem to escalate your privileges. But what if it fails?
Don’t panic. There are still some techniques you can try.
This paper will explain several methods used for placing backdoors in PE (Portable Executable) files for red team purposes, in order to fully grasp the content of this paper, readers needs to have at least intermediate x86 assembly knowledge, familiarity with debuggers and decent understanding of PE file format. (more…)
Hello everyone, in this post we are going to use DNS for data ex-filtration to fasten (time based) blind sql injection attacks or make exploitation possible even on random delayed networks/applications. So let us start with basics of DNS.
An n-layered security architecture is created to protect important services required by the concept of Defense-in-Depth, which has an important place in the world of information technology. If we think about this for the corporate networks; critical systems can not be in the same network with other systems. In this article, we will analyze with examples how the attackers can access the hidden networks that have no accessibility in the first stage, by using pivoting methods. (more…)