Red Teaming in Cloud: Leverage Azure FrontDoor CDN for C2 Redirectors
by Nairuz Abulhul
2M ago
RED TEAM SERIES
Evading Detection: Obfuscating C2 Infrastructure with Azure FrontDoor
A redirector is a server that acts as a middleman between the C2 server and the targeted network. Its primary function is redirecting all communication between the C2 and the compromised target. Redirectors are commonly used to hide the origin of the traffic of the C2 server, making it more challenging for defenders to detect and block the C2 infrastructure. Cloud-based redirectors present a good opportunity to obscure the C2 traffic by routing it through a global networ...
Red Teaming in the Cloud: Installing Mythic C2 on Azure VM
by Nairuz Abulhul
3M ago
RED TEAM SERIES
C2 Deployment and Operations — Infrastructure
A Command and Control (C2) server is a server that communicates with compromised targets. During a red teaming assessment, testers use social engineering techniques like phishing or vishing to send a payload to the targets, enticing them to click on it and establish a connection with a C2 server they set up at the beginning of the operation. There are several C2 tools available in the market, both open-source and commercial. Some popular open-source C2s are Havoc, Sliver, Mythic, Covenant, and Calder...
Red Teaming in the Cloud: Deploying Azure VMs for C2 Infrastructure
by Nairuz Abulhul
3M ago
RED TEAM SERIES
A Guide to Deploying Red Team Infrastructure on Azure
Building a robust infrastructure is essential for the success of a red team operation. Cloud platforms provide red teamers with a resilient, scalable, and easy-to-deploy infrastructure that allows them to operate efficiently while minimizing exposure. In this guide, we will leverage the Microsoft Azure cloud platform to build our C2 infrastructure, which will include setting up a virtual machine as the Command & Control server, installing the Mythic C2 framework, and config...
Elevating Privileges with SeBackupPrivilege on Windows
by Nairuz Abulhul
3M ago
WINDOWS PRIVILEGE ESCALATION
Once we gain initial access to a system during an internal penetration testing assessment, the next step is to escalate privileges in order to run necessary tools and explore the network effectively. In a Windows environment, one of the common ways to do this is by exploiting a user’s privileges. Abusing the SeBackupPrivilege is one such way. A user with this privilege can create a full backup of the entire system, including sensitive files like the Security Account Manager (SAM) and the Active Directory database “NT Directory...
CrackMapExec in Action: Enumerating Windows Networks (Part 2)
by Nairuz Abulhul
6M ago
NETWORK SECURITY
Strategically Mapping Targets inside the Internal Network
CrackMapExec, known as CME, is a useful tool for assessing the security of Windows networks during internal pentesting assessments. It performs network enumeration and identifies hosts and services while enumerating shares, users, and groups within the network. In Part 1, our previous post, we discussed network enumeration from the perspective of a non-domain user. We looked at various methods to obtain domain credentials that we can use to perform a...
Introduction to External Penetration Testing Assessments
by Nairuz Abulhul
6M ago
Testing the Waters: A Guide to External Penetration Testing Methodology
As part of a security assessment, an external penetration test simulates an attack on an organization’s systems and defenses from the internet. The ultimate goal is to provide the tested organization with a profile of potential attacks that could be carried out against its systems and assets. During an external pentest assessment, the pentester will use a variety of tools and techniques to scan and test the organization’s systems. This could involve using automated scanners and manual testing...
CrackMapExec in Action: Enumerating Windows Networks (Part 1)
by Nairuz Abulhul
6M ago
NETWORK SECURITY
Strategically Mapping Targets inside the Internal Network
CrackMapExec, known as CME, is a useful tool for assessing the security of Windows networks during internal pentesting assessments. It performs network enumeration and identifies hosts and services while also enumerating shares, users, and groups within the network. In this article, we will discuss the initial steps of network reconnaissance, focusing on gathering information from machines that allow anonymous authentication to obtain access to the network. We will...
Privilege Escalation with Insecure Windows Service Permissions
by Nairuz Abulhul
7M ago
WINDOWS PRIVILEGE ESCALATION
Guide to Privilege Escalation through Insecure Windows Service Permissions.
Windows services are an essential part of the operating system, providing various functions critical to the smooth running of a system. However, services can also be vulnerable to misconfiguration, which attackers can exploit to gain unauthorized access to a system. There are many different ways that service misconfigurations can be exploited. Some common methods include: Insecure Permissions on Service Executable; Insecure Servi...
Certificate-based Authentication over WinRM
by Nairuz Abulhul
10M ago
WINDOWS AUTHENTICATION
Advanced WinRM Security: Achieving Passwordless Authentication with Certificate-Based Methods
Windows Remote Management (WinRM) is a feature of Windows that allows administrators to manage remote systems — execute commands, manage services, and deploy software. By default, WinRM uses Basic Authentication to authenticate users; this method is simple to set up and use, but it is not very secure. Usernames and passwords can be easily guessed or stolen, allowing unauthorized users to access remote systems. For a more secure option, WinRM also sup...
How to Abuse Resource-Based Constrained Delegation to Gain Unauthorized Access
by Nairuz Abulhul
11M ago
ACTIVE DIRECTORY — PRIVILEGE ESCALATION
Learn how to exploit this security risk to gain unauthorized access to resources on the Active Directory domain.
Resource-based constrained delegation is a security feature in Active Directory that allows one service or system to delegate its authentication authority to another service or system, granting it limited access to specific resources on behalf of a user. This is done by setting the value of the msDS-AllowedToActOnBehalfOfOtherIdentity attribute to a list of services or systems that can act on behalf...
