GaussDB Database Review
by Walkthrough of the checks for a security review of a GaussDB database.
Category: Hacking 101
Kubernetes Security Review Cheat Sheet
Command reference and resources for reviewing the security posture of a Kubernetes infrastructuree.
Add a new Directory to $PATH in Kali Linux
Add a new Directory to environment path variable, $PATH, in Kali Linux to help setup and easily run tools. The default shell of Kali Linux is now zsh.
Upgrading Simple Shells to Fully Interactive TTYs
Method 1: Python pty module One of my go-to commands for a long time after catching a dumb shell was to use Python to spawn a pty. The pty module let’s you spawn a psuedo-terminal that can fool commands like su into thinking they are being executed in a proper terminal. Spawn /bin/bash using Python’s PTY module, and connect the controlling shell […]
Easy Reverse Shell through WordPress Plugin
Quick easy steps to create a WordPress pugin that will give you a reverse shell.
Example of Dumping Hashes and Cracking
A walkthrough on how to dump hashes in the SAM file using Mimikatz and crack them into cleartext credentials with John the Ripper or Hashcat.
Renew Certificates on Kubernetes with Cert Manager and Reloader
In this article, you will learn how to renew certificates in your Spring Boot apps on Kubernetes with cert-manager and Stakater Reloader. We are going to run two simple Spring Boot apps that communicate with each other over SSL. The TLS cert used in that communication will be automatically generated by Cert Manager. With Cert […]
HTTPS on Kubernetes with Spring Boot, Istio and Cert Manager
In this article, you will learn how to create secure HTTPS gateways on Kubernetes. We will use Cert Manager to generate TLS/SSL certificates. With Istio we can create secure HTTPS gateways and expose them outside a Kubernetes cluster. Our test application is built on top of Spring Boot. We will consider two different ways of […]
AS-REP Roasting
In this blog post we will look at how to perform AS-REP roasting in two different ways, how to use hashcat to crack a krbasrep5 hashes, and how to mitigate this type of attack. During kerberos pre-authentication, a user’s NTID is used to encrypt a timestamp and then the domain controller will attempt to decrypt […]
Proving Grounds – Hutch
In this Walkthrough, we will be hacking the machine Hutch from Proving Grounds Practice. To begin, we will utilize the ability to perform an anonymous LDAP search to dump account information where we will find a password. With valid credentials, we will run Bloodhound remotely to query the DC and find that our user has […]