In December 2020, the news broke about a major cyberattack against various departments within US government systems. This was a sophisticated attack where software components of a few big-name organizations were compromised. One of the attacks was designed around infiltrating the build system and then inject a malicious payload into…


Motivation

The majority of IT experts concur that Active Directory is the dominant approach for managing the Windows domain networks. This is why adversaries get attracted to discover and exploit vulnerabilities within the Active Directory echo system. …


This write-up is for the hackthebox Cronos machine. DNS Zone Transfer is the mechanism to replicate DNS records across multiple Servers. However, if not configured properly, the information leakage caused by that misconfiguration can provide attackers some vital clues about the attack vectors. …


This write-up is for the hackthebox Active machine. According to some estimates, 95% of the Fortune 1000 companies use Active Directory. Given these types of stats, its no surprise that hackers always have a deep interest in exploiting any vulnerabilities around Domain Controllers. Kerberos is considered the heart of Active…


This write-up is for the hackthebox Valentine machine. April 2014 is well-known to Software industry folks due to the emergence of the Heartbleed bug. This issue caused a major crisis for IT professionals around the world who struggled to contain its impact. The actual cost of this bug is hard…


This write-up is for the hackthebox Nibble machine. This box teaches important lessons about how multiple vulnerabilities could be chained together to gain privileged user level access. The info card for this box is as follows.

Another Easy rated Linux machine with an IP address of 10.10.10.75. …


This write-up is for the hackthebox Beep machine. In the IT world, systems administrators have a huge responsibility to be meticulously careful about managing administrative passwords for privileged accounts. A seemingly benign application-level breach can turn into large-scale cyber espionage when systems administrators do not put time and effort to…


This write-up is for the hackthebox Arctic machine. This box highlights the weaknesses associated with use of weak password techniques that adversaries can exploit and gain full control of a machine.

Its a windows machine with an IP address of 10.10.10.11. The radar graph shows presence of CVEs.


This write-up is for the hackthebox Optimum machine. Like some other machines on the hackthebox platform, this machine also highlights the importance of keeping your Operating System and any installed applications upto date. …


This is my write-up for the hackthebox Shocker machine. Back in the day, the discovery of the Shellshock (a.k.a Bash Bug) sent the IT industry in chaos due to its lethal exploit giving attackers the ability to gain control of target computers and run malicious commands. …

Kamran Bilgrami

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store