🔒 Offensive Security Knowledge Base

Kayssel

Master Offensive Security Through Hands-On Documentation

From Active Directory exploitation to API hacking. Comprehensive guides, real-world techniques, and practical methodologies by Rubén Santos García.

100+ Technical Articles

📚 Latest Content

Fresh tutorials, techniques, and methodologies from the offensive security frontline

When Containers Lie: Escaping Root and Breaking Docker Isolation
Docker
⭐ Featured

We explore how root containers and host mounts enable privilege escalation, from SUID binaries in shared volumes to abusing /proc/<PID>/root. Then we show how Valeris detects these risky setups with YAML-based rules before they lead to full host compromise.

Docker Security: Dissecting Namespaces, cgroups, and the Art of Misconfiguration
Docker

Docker uses namespaces, cgroups & OverlayFS for isolation, but misconfigs (root, --privileged, sensitive mounts) weaken security. Valeris, a Rust CLI, audits running containers, flags risks, and provides a checklist to harden deployments.

Beyond the CLI: Hacking Smart Contracts with the Slither API
Web3

Discover the power of Slither's API for in-depth smart contract auditing. Learn how to build custom detectors, enhance output with Rich, and uncover hidden vulnerabilities beyond standard static analysis.

The Viking’s Question: What Are You Really Fighting For?
Mindset

A purpose isn't something you wait for; it's something you build. Through discipline, reflection, and action, you can design a life worth living. In this article, we explore what it means to walk with purpose in a world full of noise and distraction.

Slither: Your First Line of Defense in Smart Contract Security
Web3

Slither: A powerful static analysis tool that scans smart contracts for vulnerabilities, maps attack surfaces, and visualizes code relationships—essential for efficient security auditing and penetration testing of blockchain applications.

Fuel for the Ritual: Gas Mechanics and Misfires in Web3
Web3

Learn how poor gas management can break smart contracts, open attack vectors, and waste resources. We explore real examples, test cases, and practical tips to help you audit and optimize gas usage like a pro—without burning your mana.

Strengthening Smart Contracts: Unit Testing, Fuzzing, and Invariant Testing with Foundry
Web3

We explore unit testing, fuzzing, and invariant testing in smart contracts to detect vulnerabilities and enhance security before deployment, using Foundry for automated and effective testing.

Hacking ERC-20: Pentesting the Most Common Ethereum Token Standard
Web3

ERC-20 tokens power Ethereum, but poor implementations can be riddled with vulnerabilities. From integer overflows to reentrancy and front-running attacks, pentesters must scrutinize contracts. This chapter explores key flaws, exploits, and Foundry-based testing to break and secure ERC-20 tokens. 🚀

selfdestruct Unleashed: How to Hack Smart Contracts and Fix Them
Web3

Explore how Ethereum’s powerful selfdestruct function can be exploited to bypass deposit restrictions and drain smart contract funds. This guide breaks down a real-world attack, explains the vulnerability, and provides actionable steps to secure contracts against similar exploits.

UUPS Proxies: A Double-Edged Sword – Efficient Upgrades, Hidden Risks
Web3

In this chapter, we explore UUPS Proxies, their efficiency, and security trade-offs compared to Transparent Proxies. We break down their architecture, deployment, and common vulnerabilities. We also examine Beacon, Minimal, and Diamond Proxies, analyzing their risks and real-world use cases. 🚀

Transparent Proxies: The Key to Upgradeable Contracts Without Breaking a Sweat
Web3

Transparent Proxies allow smart contracts to be upgraded without changing their address, forwarding calls to implementation contracts while preserving state. In this chapter, we deployed, interacted with, and upgraded a proxy, exploring its architecture and benefits.

The Magic and Mayhem of delegatecall: A Deep Dive into Solidity’s Most Powerful Feature
Web3

delegatecall is a powerful Solidity feature enabling one contract to execute another’s code while using its own storage. This flexibility allows for upgradable designs but poses risks like storage overwrites and exploits. Learn how it works, its pitfalls, and how to mitigate them effectively.

Secrets in the Open: Unpacking Solidity Storage Vulnerabilities
Web3

This chapter explores Solidity's storage vulnerabilities, showcasing how attackers exploit them and proposing solutions like hashing, off-chain storage, and dynamic secrets to secure smart contracts.

Breaking the Bank: Exploiting Integer Underflow in Smart Contracts
Web3

This chapter explores an integer underflow vulnerability in the DecentralizedBank contract. Using Anvil and a Bash script, we simulate an attack where the attacker inflates their balance due to a logic flaw and withdraws 5 ETH, showcasing the importance of proper validation in smart contracts.

From Front-Running to Sandwich Attacks: An Advanced Look at MEV Exploits
Web3

In this chapter, we explored the mechanics of Sandwich Attacks using a vulnerable smart contract. We deployed the contract, simulated a victim's transaction, and automated the attack with a Python bot. Key takeaways include understanding slippage, private relayers, and dynamic pricing as defenses.

Breaking the Bet: Simulating Flash Loan Attacks in Decentralized Systems
Web3

Explore how flash loan vulnerabilities impact decentralized systems through the DragonBet contract. Learn about AMMs, token pricing, and manipulation strategies. Dive into a simulated attack and discover key techniques to secure smart contracts against exploitation.

Simulating Front-Running Attacks in Ethereum: A Deep Dive with Foundry and Anvil
Web3

This article explores front-running vulnerabilities in Ethereum smart contracts using the BiomechanicalRace case study. It simulates attacks with Anvil, Cast, and a custom validator, analyzing gas price impacts and proposing secure design solutions like commit-reveal schemes to prevent exploits.

The Traitor Within: Reentrancy Attacks Explained and Resolved
Web3

This chapter explores reentrancy attacks in Ethereum, showcasing vulnerabilities in smart contracts and how they can be exploited using Foundry for testing. We demonstrate the attack strategy, implement a fix to secure the contract, and emphasize best practices for robust Solidity development.

Refunds Gone Wrong: How Access Control Flaws Can Drain Your Contract
Web3

This article explores a smart contract access control vulnerability using the Magic Item Shop example. By demonstrating an exploit due to missing ownership checks, we highlight the importance of verifying caller authorization, rigorous testing, and secure coding practices to protect contracts.

Exploiting Predictable Randomness in Ethereum Smart Contracts
Web3

This chapter examines how attackers can exploit predictable randomness in a lottery contract, using Ganache to simulate the attack. It highlights the vulnerability of on-chain randomness and suggests secure solutions like Chainlink VRF.

Pentesting Web3: Setting Up a Smart Contract Testing Environment
Web3

Web3 transforms the internet with decentralization via blockchain, empowering users over data and security. This article covers blockchain basics, smart contracts, security risks, and common vulnerabilities, and lays the groundwork for upcoming articles on Web3 attacks and secure development practices.

Patching Native Libraries for Frida Detection Bypass
Android

In this chapter, we learned to patch a native library to bypass Frida detection. We explored decompiling the APK, modifying the detection function’s flow, recompiling the APK, and testing the bypass, highlighting the limits of basic obfuscation.

Enhancing Android Security with Native Libraries: Implementation and Evasion Techniques
Android

Native libraries in Android boost security by adding low-level defenses, making bypass attempts harder. Still, tools like Frida can evade these measures. The next chapter will cover advanced techniques, including reverse engineering, to overcome tougher security setups.

Securing Biometric Authentication: Defending Against Frida Bypass Attacks
Android

This article explains how attackers use Frida to bypass biometric authentication and how to defend against it. By understanding the Android Keystore, CryptoObject, and encryption, we implement security measures to protect sensitive data and strengthen biometric authentication in Android apps.

Cracking Android Biometric Authentication with Frida
Android

In this chapter of the Android pentesting series, we implemented local authentication using the BiometricPrompt API and demonstrated how it can be bypassed using Frida on a rooted emulator. We highlighted the importance of securing authentication to prevent bypass attacks.

Linking with Confidence: Securing Deep Links in Android Applications
Android

Explore the power and security of deep links in Android. Understand traditional and app links, identify vulnerabilities, and learn to exploit them using the "InsecureShop" app. Secure your deep links with URL validation, strict intent filters, and HTTPS to protect against potential threats.

Mastering Android Activity Hacking: Techniques and Tools
Android

This article explores using Objection to investigate and manipulate Android activities. It highlights uncovering hidden features, exploiting vulnerabilities like insecure JWTs, and the importance of securing applications to protect against significant security risks.

Cracking the Code: Exploring Reverse Engineering and MobSF for Mobile App Security
Android

In this chapter, we decoded server responses through APK reverse engineering, uncovering obfuscation techniques. We also introduced MobSF for automated security analysis, identifying vulnerabilities and enhancing the security posture of mobile applications.

Exploring Android File System and Log Vulnerabilities
Android

In this chapter, we explored Android file system security using the com.app.damnvulnerablebank app. We identified JWT vulnerabilities and analyzed key directories. Next, we'll examine the app's encryption algorithm to see if we can access other users' data using JWTs.

Comprehensive Android Security Testing: Patching, Objection, and API Backend
Android

This article explores advanced Android pentesting: patching apps to bypass security, using Objection for real-time inspection, and configuring backends with Docker Compose. These techniques enable deeper analysis and better vulnerability detection.

Mastering Mobile Security: A Guide with Damn Vulnerable Bank
Android

The article discusses using "Damn Vulnerable Bank" to teach mobile app security, focusing on setup, OWASP guidelines, and tools like APKTool and Frida for practical insights.

From Chaos to Clarity: The Art of Fuzzing with Nuclei
Web Pentest

Embarking on a cybersecurity journey, we explore creating custom Nuclei templates for detecting SQLi in POST requests, leveraging mitmproxy for testing. This endeavor enhances our digital defenses by merging Nuclei's precision with fuzzing's unpredictability.

Harnessing the Power of Nuclei: A Guide to Advanced Vulnerability Scanning
Web Pentest

Nuclei, a standout in cybersecurity, offers template-driven vulnerability scanning. Enhanced by community collaboration, it's crucial for proactive defense. For deeper insights, visit Project Discovery's guide to unlock Nuclei's full potential and stay ahead in cybersecurity.

From Novice to Ninja: Proxy Techniques in Pentesting
Web Pentest

Embark on a voyage through proxy-powered web penetration testing. From configuring mitmproxy to uncovering vulnerabilities in real-world applications, discover the tools and tactics essential for navigating the ever-evolving cybersecurity landscape.

API Safeguards: Mastering Rate Limiting and GraphQL Security
APIs

Exploring API security, this chapter covers rate limiting in REST APIs and dives into GraphQL vulnerabilities. It includes setting up a "Damn Vulnerable GraphQL Application" lab, testing with Altair, and emphasizes the importance of robust security measures in API design and testing.

The Art of Fuzzing: Navigating Web Security with Advanced Testing Strategies
Web Pentest

Explore fuzzing in web pen testing, from uncovering directories to attacking login portals and finding vulnerabilities, utilizing tools like ffuf.

Katana in Action: Enhancing Security Audits Through Effective Web Crawling
Web Pentest

Explore advanced crawling techniques for web security audits, focusing on tools like Katana and proxies to uncover hidden vulnerabilities and secure web applications effectively.

Web Application Hacking Fundamentals: Starting the Journey
Web Pentest

We delve into web app hacking basics, covering essential tools, OWASP Juice Shop lab setup, and key skills in Linux, Python, and security. The first step towards mastering web security.

Unveiling Shadows: Navigating the Risks of Unauthenticated API Access and Excessive Information Exposure
APIs

This article explores Unauthenticated API Access and Excessive Information Exposure, highlighting tools like Burp Suite, Autorize, and Aquatone for identifying and mitigating these vulnerabilities in API security.

Active Directory Pentesting Methodology: Crafting Strategies for Success
AD

In this series, we delved into Active Directory fundamentals, covering essential concepts, advanced reconnaissance, privilege escalation, lateral movement, and domain dominance. We explored techniques like Pass the Hash, Pass the Ticket, and Golden Ticket for comprehensive network penetration.

API Security Under the Microscope: Unmasking Mass Assignment and Broken User Authentication
APIs

This chapter delves into Mass Assignment and Broken User Authentication, offering insights on identifying and mitigating these API vulnerabilities. Gain strategies to secure your digital assets and enhance your cybersecurity posture.

Securing the Gates: Mastering BOLA and BFLA in API Security
APIs

Explore BOLA and BFLA in API security. Uncover how BOLA leads to unauthorized data access and BFLA allows executing restricted functions. Through practical demonstrations with OWASP's crAPI, understand the critical need for stringent authorization in APIs.

Three Keys to the Kingdom: Uncovering the Roles of Account Operators, Backup Operators, and Event Log Readers in Offensive Security
AD

Discover the roles of Account Operators, Backup Operators, and Event Log Readers in Active Directory security. Learn about their privileges, vulnerabilities, and ethical ways to manage and mitigate risks in our comprehensive series.

Decoding JWT: Unveiling Vulnerabilities in API Security
APIs

Dive into JWTs in API hacking: Explore a key vulnerability, learn tools like jwt_tool and Burp Suite, and understand the 'what-ifs' in security, like altering roles. For more, visit Burp Suite's site. Stay curious in cybersecurity!

Unveiling API Hacking: A Methodological Journey Through Recognition and Exploration
APIs

Embark on the "Hacking APIs" journey—setting up a dynamic lab, applying OWASP methodologies, and conducting potent brute force tests on crAPI. Stay tuned for the next chapter, delving into precise login portal testing to fortify application security.

Navigating SeImpersonatePrivilege and Unleashing Remote Code Execution
AD

Explore the intrigue of Windows privilege escalation in Chapter 13 of #ActiveDirectory Chronicles. Join SeImpersonatePrivilege and JuicyPotato on a journey of ethical hacking, hands-on labs, and real-world exploits in the dynamic realm of cybersecurity.

ROP Magic: Exploiting Linux Binaries with ret2libc
Binary

Discover the art of ROP in binary exploitation. From buffer overflows to crafting a "/bin/sh" execution using libc gadgets, this article provides insights into bypassing security measures and mastering exploit development with practical examples.

Time to Rise: Privilege Escalation Chronicles – Unveiling Windows Scheduled Task Exploits
AD

Explore how misconfigured Windows scheduled tasks can lead to privilege escalation. Learn to set up a lab, identify vulnerabilities, and execute an attack for comprehensive understanding.

Path to Power: Unleashing Windows Privileges through Unquoted Service Paths
AD

Explore Unquoted Service Path, a Windows privilege escalation vulnerability. Learn to set up labs, use detection tools, and execute attacks for hands-on understanding and defense.

DLL Hijacking: Understanding, Detecting, and Exploiting Privilege Escalation on Windows
AD

In this guide, we explore DLL hijacking for privilege escalation in Windows. It covers detecting vulnerabilities using Winpeas, creating a malicious DLL, and overcoming User Account Control (UAC) obstacles, demonstrating real-world implications.

Mastering Binary Exploitation: Unleashing the Power of Format String and Buffer Overflow
Binary

In this chapter, we explore binary exploitation, focusing on buffer overflow and format string vulnerabilities. Using radare2, we pinpoint key memory addresses and adjust character counts in our exploit, overcoming challenges like unexpected compiler behavior.

Mastering Format String Exploits: A Comprehensive Guide
Binary

Explore the intricacies of format string vulnerabilities in C programming. Learn their risks, exploit development with radare2, and crafting Python exploits. Gain crucial insights into secure coding practices.

Active Directory Enumeration: Automated and Manual Techniques for Privilege Escalation
AD

Explore Active Directory enumeration and privilege escalation techniques, using tools like BloodHound for automatic insights and PowerView for stealthy, manual analysis in complex network environments.

Mastering Active Directory Pivoting: Advanced Techniques and Tools
AD

In this chapter, we explore advanced network pivoting techniques, using tools like Chisel and SSH in a lab setup. We focus on local and remote port forwarding and dynamic port forwarding for practical cybersecurity skills development.

Building an Adaptable Hacking Lab: Subnets, Static IPs, and Services
Lab

This article covers setting up subnets, static IPs, firewalls in Proxmox, and configuring Windows, Kali, Ubuntu servers. It includes Docker setup for web service deployment, creating a versatile cybersecurity lab environment.

Configuring a Proxmox-Based Hacking Lab: Active Directory and Windows Setup
Lab

In this chapter, we finalize driver setups for Windows in Proxmox and configure an Active Directory for practice attacks. We cover driver installation, domain controller setup, certificate services, user creation, and SMB enablement, preparing a complete hacking lab environment.

Advanced Exploits: Overcoming Restrictions with GOT and PLT
Binary

Expanding Exploit Techniques: This chapter delves into complex exploit scenarios, utilizing GOT and PLT knowledge to bypass advanced code restrictions, enhancing our toolkit with dynamic function resolution strategies.

Decoding Kerberos: Understanding the Authentication Process and Main Attacks
AD

Explore Kerberos' mechanics and key attacks in a lab setting. Learn authentication steps, and master techniques like Kerberoast and Golden Ticket for practical cybersecurity skills.

Exploiting Buffer Overflow: Crafting Interactive Shell Exploits with Shellcode
Binary

This chapter combines shellcode knowledge and buffer overflow exploitation to gain shell access through a vulnerable program. It includes using pwndbg for detailed analysis and advanced pwntools for crafting effective exploits, bridging theory and practice.

Shellcode Mastery: Crafting, Optimizing, and Debugging Assembler Code
Binary

Explore shellcode development: Learn assembler programming for creating efficient, compact shellcodes, avoid null character issues, and use diagnostic tools like radare2 and strace for effective troubleshooting.

Python for Web Hacking: Harnessing ipython3 and Building Custom Functionalities
Python

Discover Python's power in hacking web apps: Learn ipython3 use, scripting for authorization tests and brute force attacks, and effective error troubleshooting with practical, hands-on examples.

Mastering NTLM: Exploring Authentication, Vulnerabilities, and Exploits
AD

In this guide on NTLM, Microsoft's authentication protocol, we explore its three-step process and delve into various attacks like 'Pass the Hash' and NTLM Relay. Techniques like reconnaissance, credential validation, and hash retrieval are examined, highlighting NTLM's role in network security.

Exploring Buffer Overflow Exploits: A Practical Guide with Dynamic Analysis
Binary

We explore vulnerable code, disabling defenses and utilizing radare2 for dynamic analysis. Focusing on 'strcpy' and the 'Smash the Stack' attack, we manipulate a buffer to alter 'modified'. The article covers buffer overflow, debugging, and the significance of testing various payloads.

User-Centric Pentesting: Unveiling Secrets with PowerView and PowerSploit
AD

Explore Active Directory in-depth: Learn to identify key user accounts, decrypt secrets with NT/LM hashes and Kerberos keys, understand computer accounts, and strategically manage user groups for effective penetration testing.

Exploring ELF Binary Dynamics: Relocations and Sections in Depth
Binary

Explore ELF binaries in Linux: Understand disassembly, sections like .text and .init, and dynamic linking with the PLT and GOT. Uncover memory management, variables in .bss, .data, and .rodata, and delve into lazy binding for efficient, secure code execution.

Windows Authentication Deep Dive: Unveiling Protocols, Credential Storage, and Extraction Techniques
AD

This chapter explores Windows authentication, SSO, and credential extraction. It covers protocols like Kerberos and NTLM, and tools such as Mimikatz for retrieving credentials. LSA and SAM play vital roles, and PowerShell history can reveal digital footprints. LaZagne is a tool for credential recovery.

Decoding the Compiler: A Deep Dive into the Phases of C Code Compilation
Binary

The C compilation process encompasses preprocessing, compiling to assembly, assembly to machine code, linking object files, and managing libraries. Symbols are key for functions and variables. Each phase contributes to creating efficient software for C programmers.

Exploring the API Realm: An Introductory Guide to Recognition in RESTful and GraphQL APIs
APIs

Explore the world of APIs in this series covering RESTful and GraphQL paradigms. Learn about JSON, API recognition, versioning, and the Introspection Query for GraphQL.

Dancing with Functions: Unraveling the Assembler Function Convention in x32
Binary

Explore x32 function calling, the dance of frame pointers, and the ballet of call instructions. Each segment crafts an eloquent narrative in the intricate performance on the stack. Witness the artistry of assembly language unfold.

Mastering Windows Remote Secrets: Techniques and Tools for Unveiling Hidden Realms
AD

Explore Windows machines in Active Directory: From LDAP insights to SMB mastery, remote access tools like PsExec, Python's pypsexec, and WinRM empower seamless control and discovery within the Windows domain landscape.

Embarking on the Exploration: Fundamentals of Binary Exploitation on Linux
Binary

Introduction Embarking on a journey to unravel the intricacies of binary exploitation techniques, I'm excited to share my experiences in this series. While it's admittedly one of the trickier topics to tackle, especially for beginners, I've decided to take the plunge in 2023! 😅 My guide of choic...

Unveiling the Secrets of Domain Controllers: A Journey into Active Directory Security
AD

Introduction In this journey through Active Directory security, we immerse ourselves in the pivotal role of Domain Controllers (DC). Positioned as central servers housing Active Directory Domain Services (AD DS), DCs play a fundamental role in maintaining the New Technologies Directory Services (...

Building Your Hacking Playground: Proxmox Unveiled and Windows Symphony
Lab

Introduction Welcome to the kickoff of our series, where I'll guide you through the art of setting up a dynamic hacking practice environment. This first post is all about laying the groundwork for a potent Windows hacking practice arena using Proxmox. Excitingly, in the chapters to come, we'll un...

Initiating the Active Directory Odyssey: Unveiling Key Concepts and Building the Foundations
AD

Introduction to the series Embark on a journey through the first post of this blog, where we unravel the intricacies of Active Directory. This topic, a personal favorite and a recurrent element in offensive security projects, takes center stage in our exploration. A year ago, I initiated the Igri...
