One of the first things I check during an internal is GPP credentials. If you know the environment is older, this is a quick way to potentially obtain valid credentials. They are usually configured by ...
Welcome back to the "Attacks You Should Know About" series! It's been a while, but we're coming back with one of the most prevalent vulnerabilities in web applications: Insecure Direct Object References, more commonly known ...
Welcome to the second installment of our "Attacks You Should Know About" series! This blog provides valuable insights for both novice and experienced cybersecurity professionals on common attacks and vulnerabilities. Today, we examine cross-origin resource ...
Blocky is a Linux machine with an easy-to-medium difficulty rating. It contains several intentional rabbit holes, including WordPress components, plugin directories, and PhpMyAdmin, which can initially mislead the enumeration process. Nmap Scan ┌──(kali㉿kali)-[~] └─$ nmap ...
Administrator is a Windows-based machine rated as medium difficulty on Hack The Box. It’s designed to mimic a real-world Active Directory setup, giving the opportunity to dig into SMB enumeration, map out attack paths with ...
Welcome back to another installment of "Attacks You Should Know About"! If you’ve been following along, you already know that web applications are full of potential vulnerabilities. Today, we’re diving into one of the more ...
MonitorsTwo is an Easy-difficulty Linux machine on Hack The Box that offers a comprehensive exploration of various vulnerabilities and misconfigurations. It starts off with a web application that is vulnerable to an unauthenticated remote ...
When talking about the threat landscape for web applications, you might first think of SQL injections, cross-site scripting, and other well-known attacks. But, there are another vectors that often fly under the radar: HTTP ...
Active Directory Certificate Services (ADCS) is also known as "privilege escalation as a service." ADCS is a service provided with Active Directory that issues certificates for machines and services within a Windows environment, and ...
