Nairuz Abulhul
Data security news, opinion, advice and research. Nairuz Abulhul is a penetration tester and is interested in reverse engineering.
3M ago
RED TEAM SERIES
Evading Detection: Obfuscating C2 Infrastructure with Azure FrontDoor
A redirector is a server that acts as a middleman between the C2 server and the targeted network. Its primary function is redirecting all communication between the C2 and the compromised target. Redirectors are commonly used to hide the origin of the traffic of the C2 server, making it more challenging for defenders to detect and block the C2 infrastructure.
Cloud-based redirectors present a good opportunity to obscure the C2 traffic by routing it through a global networ...
4M ago
RED TEAM SERIES
C2 Deployment and Operations — Infrastructure
A Command and Control (C2) server is a server that communicates with compromised targets. During a red teaming assessment, testers use social engineering techniques like phishing or vishing to send a payload to the targets, enticing them to click on it and establish a connection with a C2 server they set up at the beginning of the operation.
There are several C2 tools available on the market, both open-source and commercial. Some popular open-source C2s are Havoc, Sliver, Mythic, Covenant, and Calder...
4M ago
RED TEAM SERIES
A Guide to Deploying Red Team Infrastructure on Azure
Building a robust infrastructure is essential for the success of the red team operation. Cloud platforms provide red teamers with a resilient, scalable, and easy-to-deploy infrastructure that allows them to operate efficiently while minimizing exposure.
In this guide, we will leverage the Microsoft Azure cloud platform to build our C2 infrastructure, which will include setting up a virtual machine as the Command & Control server, installing the Mythic C2 framework, and config...
4M ago
WINDOWS PRIVILEGE ESCALATION
Once we gain initial access to a system during an internal penetration testing assessment, the next step is to escalate privileges in order to run necessary tools and explore the network effectively. In a Windows environment, one of the common ways to do this is by exploiting a user’s privileges.
Abusing the SeBackupPrivilege is one such way. A user with this privilege can create a full backup of the entire system, including sensitive files like the Security Account Manager (SAM) and the Active Directory database “NT Directory...
7M ago
NETWORK SECURITY
Strategically Mapping Targets inside the Internal Network
CrackMapExec, known as CME, is a useful tool to use during internal pentesting assessments to assess the security of Windows networks. It performs network enumeration and identifies hosts and services while enumerating shares, users, and groups within the network.
In Part 1 of our previous post, we discussed network enumeration from the perspective of a non-domain user. We looked at various methods to obtain domain credentials that we can use to perform a...
7M ago
Testing the Waters: A Guide to External Penetration Testing Methodology
As part of a security assessment, an external penetration test simulates an attack on an organization’s systems and defenses from the internet. The ultimate goal is to provide the tested organization with a profile of potential attacks that could be carried out against its systems and assets.
During an external pentest assessment, the pentester will use a variety of tools and techniques to scan and test the organization’s systems. This could involve using automated scanners and manual testing...
7M ago
NETWORK SECURITY
Strategically Mapping Targets inside the Internal Network
CrackMapExec, known as CME, is a useful tool to use during internal pentesting assessments to assess the security of Windows networks. It performs network enumeration and identifies hosts and services while also enumerating shares, users, and groups within the network.
In this article, we will discuss the initial steps of network reconnaissance, focusing on gathering information from machines that allow anonymous authentication to obtain access to the network. We will...
8M ago
WINDOWS PRIVILEGE ESCALATION
Guide to Privilege Escalation through Insecure Windows Service Permissions.
Windows services are an essential part of the operating system, providing various functions critical to the smooth running of a system. However, services can also be vulnerable to misconfiguration, which attackers can exploit to gain unauthorized access to a system.
There are many different ways that service misconfigurations can be exploited. Some common methods include:
Insecure Permissions on Service Executable
Insecure Servi...
11M ago
WINDOWS AUTHENTICATION
Advanced WinRM Security: Achieving Passwordless Authentication with Certificate-Based Methods
Windows Remote Management (WinRM) is a feature of Windows that allows administrators to manage remote systems — execute commands, manage services, and deploy software.
By default, WinRM uses Basic Authentication to authenticate users; this method is simple to set up and use, but it is not very secure. Usernames and passwords can be easily guessed or stolen, allowing unauthorized users to access remote systems.
For a more secure option, WinRM also sup...
1y ago
ACTIVE DIRECTORY — PRIVILEGE ESCALATION
Learn how to exploit this security risk to gain unauthorized access to resources on the Active Directory domain.
Resource-based constrained delegation is a security feature in Active Directory that allows one service or system to delegate its authentication authority to another service or system, granting it limited access to specific resources on behalf of a user.
This is done by setting the value of the msDS-AllowedToActOnBehalfOfOtherIdentity attribute to a list of services or systems that can act on behalf...