Skip to main content

Explore Hidden Networks With Double Pivoting

An n-layered security architecture is created to protect important services required by the concept of Defense-in-Depth, which has an important place in the world of information technology.  If we think about this for the corporate networks; critical systems  can not be in the same network with other systems. In this article, we will analyze with examples how the attackers can access the hidden networks that have no accessibility in the first stage, by using pivoting methods. (more…)

What is LLMNR & WPAD and How to Abuse Them During Pentest ?

In internal penetration tests, we simulate attacks that can be performed against on misconfigured services and protocols on network-level.These attacks are mostly caused by the fact that mechanisms such as Address Resolution Protocol (ARP), Dynamic Host Configuration Protocol (DHCP), and Domain Name System (DNS) are not configured properly.One of the most important attacks that can be encountered is undoubtedly Man-in-the-Middle. It allows access to sensitive information by listening to network traffic or manipulating the target to be accessed. Security measures against this attack can be taken on network equipment such as routers and switches. However, due to the inherent weaknesses of some protocols, we can perform the same attack with different methods. For this reason, the main theme of this article will be Man-in-the-Middle attacks against LLMNR, NetBIOS and WPAD mechanisms. Before begin, I would like to explain how the computers have Windows operating system communicate with each other in the same network and perform name resolution. (more…)

How to Test Horizontal & Vertical Authorization Issues in Web Application ?

As you know, nowadays web applications could be as complex as operating systems. Most of those complexity comes from authorisation schemas. Such weaknesses are referred to in the literature as Insecure Direct Object Reference.

Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly, for example database records or files.[1]  (more…)

Attacking WPA Enterprise Wireless Network

In this post, we are going to analyze current security algorithms being used on wireless networks, how do they work, what are their weaknesses and how to attack them. A few weeks ago, there were a few add-ons to aircrack-ng which allowed an attacker to penetrate into WPA Enterprise Wireless Networks, main focus of that post will be to show how to perform that attack, while also giving an overall view of attacks on other algorithms as well. (more…)