GaussDB Database Review
Walkthrough of the checks for a security review of a GaussDB database.
Knowledge Base for Penetration Testing
Walkthrough of the checks for a security review of a GaussDB database.
Command reference and resources for reviewing the security posture of a Kubernetes infrastructuree.
Add a new Directory to environment path variable, $PATH, in Kali Linux to help setup and easily run tools. The default shell of Kali Linux is now zsh.
Method 1: Python pty module One of my go-to commands for a long time after catching a dumb shell was to use Python to spawn a pty. The pty module let’s you spawn a psuedo-terminal that can fool commands like su into thinking they are being executed in a proper terminal. Spawn /bin/bash using Python’s PTY module, and connect the controlling shell […]
Quick easy steps to create a WordPress pugin that will give you a reverse shell.
A walkthrough on how to dump hashes in the SAM file using Mimikatz and crack them into cleartext credentials with John the Ripper or Hashcat.
In this article, you will learn how to renew certificates in your Spring Boot apps on Kubernetes with cert-manager and Stakater Reloader. We are going to run two simple Spring Boot apps that communicate with each other over SSL. The TLS cert used in that communication will be automatically generated by Cert Manager. With Cert […]
In this article, you will learn how to create secure HTTPS gateways on Kubernetes. We will use Cert Manager to generate TLS/SSL certificates. With Istio we can create secure HTTPS gateways and expose them outside a Kubernetes cluster. Our test application is built on top of Spring Boot. We will consider two different ways of […]
In this blog post we will look at how to perform AS-REP roasting in two different ways, how to use hashcat to crack a krbasrep5 hashes, and how to mitigate this type of attack. During kerberos pre-authentication, a user’s NTID is used to encrypt a timestamp and then the domain controller will attempt to decrypt […]
In this Walkthrough, we will be hacking the machine Hutch from Proving Grounds Practice. To begin, we will utilize the ability to perform an anonymous LDAP search to dump account information where we will find a password. With valid credentials, we will run Bloodhound remotely to query the DC and find that our user has […]