Offensive Security Documentation by Ruben Santos Garcia
Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems
The Magic and Mayhem of delegatecall: A Deep Dive into Solidity’s Most Powerful Feature
delegatecall is a powerful Solidity feature enabling one contract to execute another’s code while using its own storage. This flexibility allows for upgradable designs but poses risks like storage overwrites and exploits. Learn how it works, its pitfalls, and how to mitigate them effectively.
This chapter explores Solidity's storage vulnerabilities, showcasing how attackers exploit them and proposing solutions like hashing, off-chain storage, and dynamic secrets to secure smart contracts.
Read more
This chapter explores an integer underflow vulnerability in the DecentralizedBank contract. Using Anvil and a Bash script, we simulate an attack where the attacker inflates their balance due to a logic flaw and withdraws 5 ETH, showcasing the importance of proper validation in smart contracts.
Read more
In this chapter, we explored the mechanics of Sandwich Attacks using a vulnerable smart contract. We deployed the contract, simulated a victim's transaction, and automated the attack with a Python bot. Key takeaways include understanding slippage, private relayers, and dynamic pricing as defenses.
Read more
Explore how flash loan vulnerabilities impact decentralized systems through the DragonBet contract. Learn about AMMs, token pricing, and manipulation strategies. Dive into a simulated attack and discover key techniques to secure smart contracts against exploitation.
Read more
This article explores front-running vulnerabilities in Ethereum smart contracts using the BiomechanicalRace case study. It simulates attacks with Anvil, Cast, and a custom validator, analyzing gas price impacts and proposing secure design solutions like commit-reveal schemes to prevent exploits.
Read more
This chapter explores reentrancy attacks in Ethereum, showcasing vulnerabilities in smart contracts and how they can be exploited using Foundry for testing. We demonstrate the attack strategy, implement a fix to secure the contract, and emphasize best practices for robust Solidity development.
Read more
This article explores a smart contract access control vulnerability using the Magic Item Shop example. By demonstrating an exploit due to missing ownership checks, we highlight the importance of verifying caller authorization, rigorous testing, and secure coding practices to protect contracts.
Read more
This chapter examines how attackers can exploit predictable randomness in a lottery contract, using Ganache to simulate the attack. It highlights the vulnerability of on-chain randomness and suggests secure solutions like Chainlink VRF.
Read more
Web3 transforms the internet with decentralization via blockchain, empowering users over data and security. This article covers blockchain basics, smart contracts, security risks, common vulnerabilities, and lays groundwork for upcoming articles on Web3 attacks and secure development practices
Read more
In this chapter, we learned to patch a native library to bypass Frida detection. We explored decompiling the APK, modifying the detection function’s flow, recompiling the APK, and testing the bypass, highlighting the limits of basic obfuscation.
Read more
Native libraries in Android boost security by adding low-level defenses, making bypass attempts harder. Still, tools like Frida can evade these measures. The next chapter will cover advanced techniques, including reverse engineering, to overcome tougher security setups
Read more
This article explains how attackers use Frida to bypass biometric authentication and how to defend against it. By understanding the Android Keystore, CryptoObject, and encryption, we implement security measures to protect sensitive data and strengthen biometric authentication in Android apps.
Read more
In this chapter of the Android pentesting series, we implemented local authentication using the BiometricPrompt API and demonstrated how it can be bypassed using Frida on a rooted emulator. We highlighted the importance of securing authentication to prevent bypass attacks.
Read more
Explore the power and security of deep links in Android. Understand traditional and app links, identify vulnerabilities, and learn to exploit them using the "InsecureShop" app. Secure your deep links with URL validation, strict intent filters, and HTTPS to protect against potential threats.
Read more
This article explores using Objection to investigate and manipulate Android activities. It highlights uncovering hidden features, exploiting vulnerabilities like insecure JWTs, and the importance of securing applications to protect against significant security risks.
Read more
In this chapter, we decoded server responses through APK reverse engineering, uncovering obfuscation techniques. We also introduced MobSF for automated security analysis, identifying vulnerabilities and enhancing the security posture of mobile applications.
Read more
In this chapter, we explored Android file system security using the com.app.damnvulnerablebank app. We identified JWT vulnerabilities and analyzed key directories. Next, we'll examine the app's encryption algorithm to see if we can access other users' data using JWTs.
Read more
This article explores advanced Android pentesting: patching apps to bypass security, using Objection for real-time inspection, and configuring backends with Docker Compose. These techniques enable deeper analysis and better vulnerability detection.
Read more
The article discusses using "Damn Vulnerable Bank" to teach mobile app security, focusing on setup, OWASP guidelines, and tools like APKTool and Frida for practical insights.
Read more
Embarking on a cybersecurity journey, we explore creating custom Nuclei templates for detecting SQLi in POST requests, leveraging mitmproxy for testing. This endeavor enhances our digital defenses by merging Nuclei's precision with fuzzing's unpredictability.
Read more
Nuclei, a standout in cybersecurity, offers template-driven vulnerability scanning. Enhanced by community collaboration, it's crucial for proactive defense. For deeper insights, visit Project Discovery's guide to unlock Nuclei's full potential and stay ahead in cybersecurity.
Read more
Embark on a voyage through proxy-powered web penetration testing. From configuring mitmproxy to uncovering vulnerabilities in real-world applications, discover the tools and tactics essential for navigating the ever-evolving cybersecurity landscape.
Read more
Exploring API security, this chapter covers rate limiting in REST APIs and dives into GraphQL vulnerabilities. It includes setting up a "Damn Vulnerable GraphQL Application" lab, testing with Altair, and emphasizes the importance of robust security measures in API design and testing.
Read more
Explore fuzzing in web pen testing, from uncovering directories to attacking login portals and finding vulnerabilities, utilizing tools like ffuf.
Read more
Explore advanced crawling techniques for web security audits, focusing on tools like Katana and proxies to uncover hidden vulnerabilities and secure web applications effectively.
Read more
We delve into web app hacking basics, covering essential tools, OWASP Juice Shop lab setup, and key skills in Linux, Python, and security. The first step towards mastering web security.
Read more
This article explores Unauthenticated API Access and Excessive Information Exposure, highlighting tools like Burp Suite, Autorize, and Aquatone for identifying and mitigating these vulnerabilities in API security.
Read more
In this series, we delved into Active Directory fundamentals, covering essential concepts, advanced reconnaissance, privilege escalation, lateral movement, and domain dominance. We explored techniques like Pass the Hash, Pass the Ticket, and Golden Ticket for comprehensive network penetration.
Read more
This chapter delves into Mass Assignment and Broken User Authentication, offering insights on identifying and mitigating these API vulnerabilities. Gain strategies to secure your digital assets and enhance your cybersecurity posture.
Read more
Explore BOLA and BFLA in API security. Uncover how BOLA leads to unauthorized data access and BFLA allows executing restricted functions. Through practical demonstrations with OWASP's crAPI, understand the critical need for stringent authorization in APIs.
Read more
Discover the roles of Account Operators, Backup Operators, and Event Log Readers in Active Directory security. Learn about their privileges, vulnerabilities, and ethical ways to manage and mitigate risks in our comprehensive series.
Read more
Dive into JWTs in API hacking: Explore a key vulnerability, learn tools like jwt_tool and Burp Suite, and understand the 'what-ifs' in security, like altering roles. For more, visit Burp Suite's site. Stay curious in cybersecurity!
Read more
Embark on the "Hacking APIs" journey—setting up a dynamic lab, applying OWASP methodologies, and conducting potent brute force tests on crAPI. Stay tuned for the next chapter, delving into precise login portal testing to fortify application security
Read more
Explore the intrigue of Windows privilege escalation in Chapter 13 of #ActiveDirectory Chronicles. Join SeImpersonatePrivilege and JuicyPotato on a journey of ethical hacking, hands-on labs, and real-world exploits in the dynamic realm of cybersecurity.
Read more
Discover the art of ROP in binary exploitation. From buffer overflows to crafting a "/bin/sh" execution using libc gadgets, this article provides insights into bypassing security measures and mastering exploit development with practical examples.
Read more
Explore how misconfigured Windows scheduled tasks can lead to privilege escalation. Learn to set up a lab, identify vulnerabilities, and execute an attack for comprehensive understanding.
Read more
Explore Unquoted Service Path, a Windows privilege escalation vulnerability. Learn to set up labs, use detection tools, and execute attacks for hands-on understanding and defense.
Read more
In this guide, we explore DLL hijacking for privilege escalation in Windows. It covers detecting vulnerabilities using Winpeas, creating a malicious DLL, and overcoming User Account Control (UAC) obstacles, demonstrating real-world implications.
Read more
In this chapter, we explore binary exploitation, focusing on buffer overflow and format string vulnerabilities. Using radare2, we pinpoint key memory addresses and adjust character counts in our exploit, overcoming challenges like unexpected compiler behavior.
Read more
Explore the intricacies of format string vulnerabilities in C programming. Learn their risks, exploit development with radare2, and crafting Python exploits. Gain crucial insights into secure coding practices.
Read more
Explore Active Directory enumeration and privilege escalation techniques, using tools like BloodHound for automatic insights and PowerView for stealthy, manual analysis in complex network environments
Read more
In this chapter, we explore advanced network pivoting techniques, using tools like Chisel and SSH in a lab setup. We focus on local and remote port forwarding and dynamic port forwarding for practical cybersecurity skills development.
Read more
This article covers setting up subnets, static IPs, firewalls in Proxmox, and configuring Windows, Kali, Ubuntu servers. It includes Docker setup for web service deployment, creating a versatile cybersecurity lab environment.
Read more
In this chapter, we finalize driver setups for Windows in Proxmox and configure an Active Directory for practice attacks. We cover driver installation, domain controller setup, certificate services, user creation, and SMB enablement, preparing a complete hacking lab environment.
Read more
Expanding Exploit Techniques: This chapter delves into complex exploit scenarios, utilizing GOT and PLT knowledge to bypass advanced code restrictions, enhancing our toolkit with dynamic function resolution strategies.
Read more
Explore Kerberos' mechanics and key attacks in a lab setting. Learn authentication steps, and master techniques like Kerberoast and Golden Ticket for practical cybersecurity skills
Read more
This chapter combines shellcode knowledge and buffer overflow exploitation to gain shell access through a vulnerable program. It includes using pwndbg for detailed analysis and advanced pwntools for crafting effective exploits, bridging theory and practice.
Read more
"Explore shellcode development: Learn assembler programming for creating efficient, compact shellcodes, avoid null character issues, and use diagnostic tools like radare2 and strace for effective troubleshooting
Read more
Discover Python's power in hacking web apps: Learn ipython3 use, scripting for authorization tests and brute force attacks, and effective error troubleshooting with practical, hands-on examples
Read more
In this guide on NTLM, Microsoft's authentication protocol, we explore its three-step process and delve into various attacks like 'Pass the Hash' and NTLM Relay. Techniques like reconnaissance, credential validation, and hash retrieval are examined, highlighting NTLM's role in network security.
Read more
We explore vulnerable code, disabling defenses and utilizing radare2 for dynamic analysis. Focusing on 'strcpy' and 'Smash the Stack' attack, we manipulate a buffer to alter 'modified'. The article covers buffer overflow, debugging, and the significance of testing various payloads
Read more
Explore Active Directory in-depth: Learn to identify key user accounts, decrypt secrets with NT/LM hashes and Kerberos keys, understand computer accounts, and strategically manage user groups for effective penetration testing.
Read more
Explore ELF binaries in Linux: Understand disassembly, sections like .text, .init, and dynamic linking with PLT, GOT. Uncover memory management, variables in .bss, .data, .rodata, and delve into lazy binding for efficient, secure code execution
Read more
This chapter explores Windows authentication, SSO, and credential extraction. It covers protocols like Kerberos, NTLM, and Mimikatz for retrieving credentials. LSA and SAM play vital roles, and PowerShell history can reveal digital footprints. LaZagne is a tool for credential recovery.
Read more
The C compilation process encompasses preprocessing, compiling to assembly, assembly to machine code, linking object files, and managing libraries. Symbols are key for functions and variables. Each phase contributes to creating efficient software for C programmers
Read more
Explore the world of APIs in this series covering Restful and GraphQL paradigms. Learn about JSON, API recognition, versioning, and Introspection Query for GraphQL.
Read more
Explore x32 function calling, the dance of frame pointers, and the ballet of call instructions. Each segment crafts an eloquent narrative in the intricate performance on the stack. Witness the artistry of assembly language unfold.
Read more
Explore Windows machines in Active Directory: From LDAP insights to SMB mastery, remote access tools like PsExec, Python's pypsexec, and WinRM empower seamless control and discovery within the Windows domain landscape
Read more
Introduction Embarking on a journey to unravel the intricacies of binary exploitation techniques, I'm excited to share my experiences in this series. While it's admittedly one of the trickier topics to tackle, especially for beginners, I've decided to take the plunge in 2023! 😅 My guide of choice is the remarkable Nightmare course, supplemented by additional resources listed below. So, let's dive into the fascinating world of binary exploitation! The compilation Process The compilation proc
Read more
Introduction In this journey through Active Directory security, we immerse ourselves in the pivotal role of Domain Controllers (DC). Positioned as central servers housing Active Directory Domain Services (AD DS), DCs play a fundamental role in maintaining the New Technologies Directory Services (NTDS) database. Not only do they oversee the database, but they also orchestrate authorization, authentication, and various essential services within the domain. Domain Controllers The NTDS d
Read more
Introduction Welcome to the kickoff of our series, where I'll guide you through the art of setting up a dynamic hacking practice environment. This first post is all about laying the groundwork for a potent Windows hacking practice arena using Proxmox. Excitingly, in the chapters to come, we'll unravel advanced configurations, network optimizations, and ventures into realms like pivoting and web hacking. Unveiling Proxmox Proxmox, our secret weapon, stands for a type-1 hypervisor—a so
Read more
Introduction to the series Embark on a journey through the first post of this blog, where we unravel the intricacies of Active Directory. This topic, a personal favorite and a recurrent element in offensive security projects, takes center stage in our exploration. A year ago, I initiated the Igris project—a Python tool crafted to test Active Directory security. Currently paused for re-engineering in the nim programming language, it serves as a potential foundation for those keen on creating off
Read more