Kayssel

Offensive Security Documentation by Ruben Santos Garcia

logo
Image Description
Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems

From Front-Running to Sandwich Attacks: An Advanced Look at MEV Exploits

In this chapter, we explored the mechanics of Sandwich Attacks using a vulnerable smart contract. We deployed the contract, simulated a victim's transaction, and automated the attack with a Python bot. Key takeaways include understanding slippage, private relayers, and dynamic pricing as defenses.

Read more

Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems

Breaking the Bet: Simulating Flash Loan Attacks in Decentralized Systems

Explore how flash loan vulnerabilities impact decentralized systems through the DragonBet contract. Learn about AMMs, token pricing, and manipulation strategies. Dive into a simulated attack and discover key techniques to secure smart contracts against exploitation.

Read more

Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems

Simulating Front-Running Attacks in Ethereum: A Deep Dive with Foundry and Anvil

This article explores front-running vulnerabilities in Ethereum smart contracts using the BiomechanicalRace case study. It simulates attacks with Anvil, Cast, and a custom validator, analyzing gas price impacts and proposing secure design solutions like commit-reveal schemes to prevent exploits.

Read more

Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems

The Traitor Within: Reentrancy Attacks Explained and Resolved

This chapter explores reentrancy attacks in Ethereum, showcasing vulnerabilities in smart contracts and how they can be exploited using Foundry for testing. We demonstrate the attack strategy, implement a fix to secure the contract, and emphasize best practices for robust Solidity development.

Read more

Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems

Refunds Gone Wrong: How Access Control Flaws Can Drain Your Contract

This article explores a smart contract access control vulnerability using the Magic Item Shop example. By demonstrating an exploit due to missing ownership checks, we highlight the importance of verifying caller authorization, rigorous testing, and secure coding practices to protect contracts.

Read more

Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems

Exploiting Predictable Randomness in Ethereum Smart Contracts

This chapter examines how attackers can exploit predictable randomness in a lottery contract, using Ganache to simulate the attack. It highlights the vulnerability of on-chain randomness and suggests secure solutions like Chainlink VRF.

Read more

Web3 Exploitation Fundamentals: Navigating Security in Decentralized Systems

Pentesting Web3: Setting Up a Smart Contract Testing Environment

Web3 transforms the internet with decentralization via blockchain, empowering users over data and security. This article covers blockchain basics, smart contracts, security risks, common vulnerabilities, and lays groundwork for upcoming articles on Web3 attacks and secure development practices

Read more

Securing Android: An In-Depth Exploration

Patching Native Libraries for Frida Detection Bypass

In this chapter, we learned to patch a native library to bypass Frida detection. We explored decompiling the APK, modifying the detection function’s flow, recompiling the APK, and testing the bypass, highlighting the limits of basic obfuscation.

Read more

Securing Android: An In-Depth Exploration

Enhancing Android Security with Native Libraries: Implementation and Evasion Techniques

Native libraries in Android boost security by adding low-level defenses, making bypass attempts harder. Still, tools like Frida can evade these measures. The next chapter will cover advanced techniques, including reverse engineering, to overcome tougher security setups

Read more

Securing Android: An In-Depth Exploration

Securing Biometric Authentication: Defending Against Frida Bypass Attacks

This article explains how attackers use Frida to bypass biometric authentication and how to defend against it. By understanding the Android Keystore, CryptoObject, and encryption, we implement security measures to protect sensitive data and strengthen biometric authentication in Android apps.

Read more

Securing Android: An In-Depth Exploration

Cracking Android Biometric Authentication with Frida

In this chapter of the Android pentesting series, we implemented local authentication using the BiometricPrompt API and demonstrated how it can be bypassed using Frida on a rooted emulator. We highlighted the importance of securing authentication to prevent bypass attacks.

Read more

Securing Android: An In-Depth Exploration

Linking with Confidence: Securing Deep Links in Android Applications

Explore the power and security of deep links in Android. Understand traditional and app links, identify vulnerabilities, and learn to exploit them using the "InsecureShop" app. Secure your deep links with URL validation, strict intent filters, and HTTPS to protect against potential threats.

Read more

Securing Android: An In-Depth Exploration

Mastering Android Activity Hacking: Techniques and Tools

This article explores using Objection to investigate and manipulate Android activities. It highlights uncovering hidden features, exploiting vulnerabilities like insecure JWTs, and the importance of securing applications to protect against significant security risks.

Read more

Securing Android: An In-Depth Exploration

Cracking the Code: Exploring Reverse Engineering and MobSF for Mobile App Security

In this chapter, we decoded server responses through APK reverse engineering, uncovering obfuscation techniques. We also introduced MobSF for automated security analysis, identifying vulnerabilities and enhancing the security posture of mobile applications.

Read more

Securing Android: An In-Depth Exploration

Exploring Android File System and Log Vulnerabilities

In this chapter, we explored Android file system security using the com.app.damnvulnerablebank app. We identified JWT vulnerabilities and analyzed key directories. Next, we'll examine the app's encryption algorithm to see if we can access other users' data using JWTs.

Read more

Securing Android: An In-Depth Exploration

Comprehensive Android Security Testing: Patching, Objection, and API Backend

This article explores advanced Android pentesting: patching apps to bypass security, using Objection for real-time inspection, and configuring backends with Docker Compose. These techniques enable deeper analysis and better vulnerability detection.

Read more

Securing Android: An In-Depth Exploration

Mastering Mobile Security: A Guide with Damn Vulnerable Bank

The article discusses using "Damn Vulnerable Bank" to teach mobile app security, focusing on setup, OWASP guidelines, and tools like APKTool and Frida for practical insights.

Read more

Open Source Web Hacking Mastery: A Junior's Guide to Methodical Penetration Testing

From Chaos to Clarity: The Art of Fuzzing with Nuclei

Embarking on a cybersecurity journey, we explore creating custom Nuclei templates for detecting SQLi in POST requests, leveraging mitmproxy for testing. This endeavor enhances our digital defenses by merging Nuclei's precision with fuzzing's unpredictability.

Read more

Open Source Web Hacking Mastery: A Junior's Guide to Methodical Penetration Testing

Harnessing the Power of Nuclei: A Guide to Advanced Vulnerability Scanning

Nuclei, a standout in cybersecurity, offers template-driven vulnerability scanning. Enhanced by community collaboration, it's crucial for proactive defense. For deeper insights, visit Project Discovery's guide to unlock Nuclei's full potential and stay ahead in cybersecurity.

Read more

Open Source Web Hacking Mastery: A Junior's Guide to Methodical Penetration Testing

From Novice to Ninja: Proxy Techniques in Pentesting

Embark on a voyage through proxy-powered web penetration testing. From configuring mitmproxy to uncovering vulnerabilities in real-world applications, discover the tools and tactics essential for navigating the ever-evolving cybersecurity landscape.

Read more

Exploring API Security: A Practical Guide to Uncovering Vulnerabilities

API Safeguards: Mastering Rate Limiting and GraphQL Security

Exploring API security, this chapter covers rate limiting in REST APIs and dives into GraphQL vulnerabilities. It includes setting up a "Damn Vulnerable GraphQL Application" lab, testing with Altair, and emphasizes the importance of robust security measures in API design and testing.

Read more

Open Source Web Hacking Mastery: A Junior's Guide to Methodical Penetration Testing

The Art of Fuzzing: Navigating Web Security with Advanced Testing Strategies

Explore fuzzing in web pen testing, from uncovering directories to attacking login portals and finding vulnerabilities, utilizing tools like ffuf.

Read more

Open Source Web Hacking Mastery: A Junior's Guide to Methodical Penetration Testing

Katana in Action: Enhancing Security Audits Through Effective Web Crawling

Explore advanced crawling techniques for web security audits, focusing on tools like Katana and proxies to uncover hidden vulnerabilities and secure web applications effectively.

Read more

Open Source Web Hacking Mastery: A Junior's Guide to Methodical Penetration Testing

Web Application Hacking Fundamentals: Starting the Journey

We delve into web app hacking basics, covering essential tools, OWASP Juice Shop lab setup, and key skills in Linux, Python, and security. The first step towards mastering web security.

Read more

Exploring API Security: A Practical Guide to Uncovering Vulnerabilities

Unveiling Shadows: Navigating the Risks of Unauthenticated API Access and Excessive Information Exposure

This article explores Unauthenticated API Access and Excessive Information Exposure, highlighting tools like Burp Suite, Autorize, and Aquatone for identifying and mitigating these vulnerabilities in API security.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Active Directory Pentesting Methodology: Crafting Strategies for Success

In this series, we delved into Active Directory fundamentals, covering essential concepts, advanced reconnaissance, privilege escalation, lateral movement, and domain dominance. We explored techniques like Pass the Hash, Pass the Ticket, and Golden Ticket for comprehensive network penetration.

Read more

Exploring API Security: A Practical Guide to Uncovering Vulnerabilities

API Security Under the Microscope: Unmasking Mass Assignment and Broken User Authentication

This chapter delves into Mass Assignment and Broken User Authentication, offering insights on identifying and mitigating these API vulnerabilities. Gain strategies to secure your digital assets and enhance your cybersecurity posture.

Read more

Exploring API Security: A Practical Guide to Uncovering Vulnerabilities

Securing the Gates: Mastering BOLA and BFLA in API Security

Explore BOLA and BFLA in API security. Uncover how BOLA leads to unauthorized data access and BFLA allows executing restricted functions. Through practical demonstrations with OWASP's crAPI, understand the critical need for stringent authorization in APIs.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Three Keys to the Kingdom: Uncovering the Roles of Account Operators, Backup Operators, and Event Log Readers in Offensive Security

Discover the roles of Account Operators, Backup Operators, and Event Log Readers in Active Directory security. Learn about their privileges, vulnerabilities, and ethical ways to manage and mitigate risks in our comprehensive series.

Read more

Exploring API Security: A Practical Guide to Uncovering Vulnerabilities

Decoding JWT: Unveiling Vulnerabilities in API Security

Dive into JWTs in API hacking: Explore a key vulnerability, learn tools like jwt_tool and Burp Suite, and understand the 'what-ifs' in security, like altering roles. For more, visit Burp Suite's site. Stay curious in cybersecurity!

Read more

Exploring API Security: A Practical Guide to Uncovering Vulnerabilities

Unveiling API Hacking: A Methodological Journey Through Recognition and Exploration

Embark on the "Hacking APIs" journey—setting up a dynamic lab, applying OWASP methodologies, and conducting potent brute force tests on crAPI. Stay tuned for the next chapter, delving into precise login portal testing to fortify application security

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Navigating SeImpersonatePrivilege and Unleashing Remote Code Execution

Explore the intrigue of Windows privilege escalation in Chapter 13 of #ActiveDirectory Chronicles. Join SeImpersonatePrivilege and JuicyPotato on a journey of ethical hacking, hands-on labs, and real-world exploits in the dynamic realm of cybersecurity.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

ROP Magic: Exploiting Linux Binaries with ret2libc

Discover the art of ROP in binary exploitation. From buffer overflows to crafting a "/bin/sh" execution using libc gadgets, this article provides insights into bypassing security measures and mastering exploit development with practical examples.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Time to Rise: Privilege Escalation Chronicles – Unveiling Windows Scheduled Task Exploits

Explore how misconfigured Windows scheduled tasks can lead to privilege escalation. Learn to set up a lab, identify vulnerabilities, and execute an attack for comprehensive understanding.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Path to Power: Unleashing Windows Privileges through Unquoted Service Paths

Explore Unquoted Service Path, a Windows privilege escalation vulnerability. Learn to set up labs, use detection tools, and execute attacks for hands-on understanding and defense.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

DLL Hijacking: Understanding, Detecting, and Exploiting Privilege Escalation on Windows

In this guide, we explore DLL hijacking for privilege escalation in Windows. It covers detecting vulnerabilities using Winpeas, creating a malicious DLL, and overcoming User Account Control (UAC) obstacles, demonstrating real-world implications.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Mastering Binary Exploitation: Unleashing the Power of Format String and Buffer Overflow

In this chapter, we explore binary exploitation, focusing on buffer overflow and format string vulnerabilities. Using radare2, we pinpoint key memory addresses and adjust character counts in our exploit, overcoming challenges like unexpected compiler behavior.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Mastering Format String Exploits: A Comprehensive Guide

Explore the intricacies of format string vulnerabilities in C programming. Learn their risks, exploit development with radare2, and crafting Python exploits. Gain crucial insights into secure coding practices.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Active Directory Enumeration: Automated and Manual Techniques for Privilege Escalation

Explore Active Directory enumeration and privilege escalation techniques, using tools like BloodHound for automatic insights and PowerView for stealthy, manual analysis in complex network environments

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Mastering Active Directory Pivoting: Advanced Techniques and Tools

In this chapter, we explore advanced network pivoting techniques, using tools like Chisel and SSH in a lab setup. We focus on local and remote port forwarding and dynamic port forwarding for practical cybersecurity skills development.

Read more

Building the Offensive Security Playground: A Step-by-Step Guide

Building an Adaptable Hacking Lab: Subnets, Static IPs, and Services

This article covers setting up subnets, static IPs, firewalls in Proxmox, and configuring Windows, Kali, Ubuntu servers. It includes Docker setup for web service deployment, creating a versatile cybersecurity lab environment.

Read more

Building the Offensive Security Playground: A Step-by-Step Guide

Configuring a Proxmox-Based Hacking Lab: Active Directory and Windows Setup

In this chapter, we finalize driver setups for Windows in Proxmox and configure an Active Directory for practice attacks. We cover driver installation, domain controller setup, certificate services, user creation, and SMB enablement, preparing a complete hacking lab environment.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Advanced Exploits: Overcoming Restrictions with GOT and PLT

Expanding Exploit Techniques: This chapter delves into complex exploit scenarios, utilizing GOT and PLT knowledge to bypass advanced code restrictions, enhancing our toolkit with dynamic function resolution strategies.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Decoding Kerberos: Understanding the Authentication Process and Main Attacks

Explore Kerberos' mechanics and key attacks in a lab setting. Learn authentication steps, and master techniques like Kerberoast and Golden Ticket for practical cybersecurity skills

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Exploiting Buffer Overflow: Crafting Interactive Shell Exploits with Shellcode

This chapter combines shellcode knowledge and buffer overflow exploitation to gain shell access through a vulnerable program. It includes using pwndbg for detailed analysis and advanced pwntools for crafting effective exploits, bridging theory and practice.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Shellcode Mastery: Crafting, Optimizing, and Debugging Assembler Code

"Explore shellcode development: Learn assembler programming for creating efficient, compact shellcodes, avoid null character issues, and use diagnostic tools like radare2 and strace for effective troubleshooting

Read more

Python Prowess: Ethical Hacking Explorations for Security Enthusiasts

Python for Web Hacking: Harnessing ipython3 and Building Custom Functionalities

Discover Python's power in hacking web apps: Learn ipython3 use, scripting for authorization tests and brute force attacks, and effective error troubleshooting with practical, hands-on examples

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Mastering NTLM: Exploring Authentication, Vulnerabilities, and Exploits

In this guide on NTLM, Microsoft's authentication protocol, we explore its three-step process and delve into various attacks like 'Pass the Hash' and NTLM Relay. Techniques like reconnaissance, credential validation, and hash retrieval are examined, highlighting NTLM's role in network security.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Exploring Buffer Overflow Exploits: A Practical Guide with Dynamic Analysis

We explore vulnerable code, disabling defenses and utilizing radare2 for dynamic analysis. Focusing on 'strcpy' and 'Smash the Stack' attack, we manipulate a buffer to alter 'modified'. The article covers buffer overflow, debugging, and the significance of testing various payloads

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

User-Centric Pentesting: Unveiling Secrets with PowerView and PowerSploit

Explore Active Directory in-depth: Learn to identify key user accounts, decrypt secrets with NT/LM hashes and Kerberos keys, understand computer accounts, and strategically manage user groups for effective penetration testing.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Exploring ELF Binary Dynamics: Relocations and Sections in Depth

Explore ELF binaries in Linux: Understand disassembly, sections like .text, .init, and dynamic linking with PLT, GOT. Uncover memory management, variables in .bss, .data, .rodata, and delve into lazy binding for efficient, secure code execution

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Windows Authentication Deep Dive: Unveiling Protocols, Credential Storage, and Extraction Techniques

This chapter explores Windows authentication, SSO, and credential extraction. It covers protocols like Kerberos, NTLM, and Mimikatz for retrieving credentials. LSA and SAM play vital roles, and PowerShell history can reveal digital footprints. LaZagne is a tool for credential recovery.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Decoding the Compiler: A Deep Dive into the Phases of C Code Compilation

The C compilation process encompasses preprocessing, compiling to assembly, assembly to machine code, linking object files, and managing libraries. Symbols are key for functions and variables. Each phase contributes to creating efficient software for C programmers

Read more

Exploring API Security: A Practical Guide to Uncovering Vulnerabilities

Exploring the API Realm: An Introductory Guide to Recognition in RESTful and GraphQL APIs

Explore the world of APIs in this series covering Restful and GraphQL paradigms. Learn about JSON, API recognition, versioning, and Introspection Query for GraphQL.

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Dancing with Functions: Unraveling the Assembler Function Convention in x32

Explore x32 function calling, the dance of frame pointers, and the ballet of call instructions. Each segment crafts an eloquent narrative in the intricate performance on the stack. Witness the artistry of assembly language unfold.

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Mastering Windows Remote Secrets: Techniques and Tools for Unveiling Hidden Realms

Explore Windows machines in Active Directory: From LDAP insights to SMB mastery, remote access tools like PsExec, Python's pypsexec, and WinRM empower seamless control and discovery within the Windows domain landscape

Read more

Initiating Linux Binary Exploitation: A Beginner's Expedition into Code Manipulation

Embarking on the Exploration: Fundamentals of Binary Exploitation on Linux

Introduction Embarking on a journey to unravel the intricacies of binary exploitation techniques, I'm excited to share my experiences in this series. While it's admittedly one of the trickier topics to tackle, especially for beginners, I've decided to take the plunge in 2023! 😅 My guide of choice is the remarkable Nightmare course, supplemented by additional resources listed below. So, let's dive into the fascinating world of binary exploitation! The compilation Process The compilation proc

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Unveiling the Secrets of Domain Controllers: A Journey into Active Directory Security

Introduction In this journey through Active Directory security, we immerse ourselves in the pivotal role of Domain Controllers (DC). Positioned as central servers housing Active Directory Domain Services (AD DS), DCs play a fundamental role in maintaining the New Technologies Directory Services (NTDS) database. Not only do they oversee the database, but they also orchestrate authorization, authentication, and various essential services within the domain. Domain Controllers The NTDS d

Read more

Building the Offensive Security Playground: A Step-by-Step Guide

Building Your Hacking Playground: Proxmox Unveiled and Windows Symphony

Introduction Welcome to the kickoff of our series, where I'll guide you through the art of setting up a dynamic hacking practice environment. This first post is all about laying the groundwork for a potent Windows hacking practice arena using Proxmox. Excitingly, in the chapters to come, we'll unravel advanced configurations, network optimizations, and ventures into realms like pivoting and web hacking. Unveiling Proxmox Proxmox, our secret weapon, stands for a type-1 hypervisor—a so

Read more

Navigating the Active Directory Maze: Unveiling Hacking Strategies

Initiating the Active Directory Odyssey: Unveiling Key Concepts and Building the Foundations

Introduction to the series Embark on a journey through the first post of this blog, where we unravel the intricacies of Active Directory. This topic, a personal favorite and a recurrent element in offensive security projects, takes center stage in our exploration. A year ago, I initiated the Igris project—a Python tool crafted to test Active Directory security. Currently paused for re-engineering in the nim programming language, it serves as a potential foundation for those keen on creating off

Read more