Shabnoon Khalid Random ramblings

Active Directory Red Team - Enumeration

In this module I will cover how you can enumerate Microsoft Active Directory with PowerView and gather critical information about Active Directory and its components.

Microsoft Exchange zero-day attacks - Exposed Exchange Servers in MV IP space

Last week, Microsoft released out-of-band updates to address multiple zero-day vulnerabilities which affect the on-premises version of Exchange Server.

Active Directory Red Team - Lab Setup

Enterprises use Microsoft Active Directory for identity management and for protecting resources. As a blue or red teamer, finding and exploiting flaws and understanding the underlying security issues is very important.

Monitoring PowerShell in the Enterprise

PowerShell is an extremely powerful scripting and administration language that is baked right into Windows, which makes it an attractive target for attackers. Over the years PowerShell has increasingly been used as an offensive tool by threat actors.

Windows Active Directory takeover with the Zerologon vulnerability (CVE-2020-1472)

Demo of the recent Windows Zerologon exploit.

RopMev2 - Challenge

This is a recently retired binary exploitation (pwn) challenge from Hackthebox.

Hackthebox - Chainsaw

Chainsaw is a retired vulnerable VM from Hackthebox. This box is about Solidity, Ethereum blockchain and IPFS exploitation.

Hackthebox - Carrier

Carrier is a retired vulnerable VM from Hackthebox. This box is really fun since it allows us to play with BGP hijacking, which is pretty rare to see in CTF-like challenges.

ROP Emporium - Split

This is the second challenge from ROP Emporium, named Split. In this challenge we have to build a small ROP chain that calls system() and gives us the flag to complete the challenge. Throughout this I am going to use radare2 as much as I can, just for learning the tool. Radare2 is a complete framework for reverse engineering and analyzing binaries.

ROP Emporium - Ret2win

I am doing these challenges to improve my binary exploitation skills and teach myself return-oriented programming (ROP). These challenges use the usual CTF objective of retrieving the contents of a file named flag.txt from a remote machine by exploiting a given binary.

Hackthebox - OpenAdmin

OpenAdmin is rated as an Easy Linux box. It was released on 04 Jan 2020 and was created by @dmw0ng. This box required us to perform the following tasks:
- Enumerate a web server to find a vulnerable web application
- Exploit the web app to get an initial foothold
- Credential reuse attack
- Download the user's SSH private key and crack it
- Exploit misconfigured nano permissions

Overthewire - Narnia 0-1

This blog post contains the solutions for the Narnia series of challenges from Overthewire; this category of challenges is aimed at beginners in binary exploitation. Let's take a look at the code of this program. The C code below is the source code for the first challenge in the Narnia series of challenges from Overthewire.

Buffer overflow exploitation (Basic Stack overflow)

Welcome to part one of the x86 Linux binary exploitation series. In this series of posts, I will cover x86 Linux binary exploitation, from basics to advanced topics.

x86-linux-exploit-development-introduction

Welcome to part one of the x86 Linux binary exploitation series. In this series of posts, I will cover x86 Linux binary exploitation, from basics to advanced topics.