Kayssel
Master Offensive Security Through Hands-On Documentation
From Active Directory exploitation to API hacking. Comprehensive guides, real-world techniques, and practical methodologies by Rubén Santos García
📚 Latest Content
Fresh tutorials, techniques, and methodologies from the offensive security frontline
Understanding Ethereum Signatures - The Foundation of Web3 Security
Deep dive into Ethereum's cryptographic signature system, ECDSA, secp256k1, signature anatomy (r, s, v), and practical examples of signing, verifying, and securing Web3 authentication flows.
When Containers Lie: Escaping Root and Breaking Docker Isolation
We explore how root containers and host mounts enable privilege escalation, from SUID binaries in shared volumes to abusing /proc/<PID>/root. Then we show how Valeris detects these risky setups with YAML-based rules before they lead to full host compromise.
Docker Security: Dissecting Namespaces, cgroups, and the Art of Misconfiguration
Docker uses namespaces, cgroups & OverlayFS for isolation, but misconfigs (root, --privileged, sensitive mounts) weaken security. Valeris, a Rust CLI, audits running containers, flags risks, and provides a checklist to harden deployments.
Beyond the CLI: Hacking Smart Contracts with the Slither API
Discover the power of Slither's API for in-depth smart contract auditing. Learn how to build custom detectors, enhance output with Rich, and uncover hidden vulnerabilities beyond standard static analysis.
The Viking’s Question: What Are You Really Fighting For?
A purpose isn't something you wait for; it's something you build. Through discipline, reflection, and action, you can design a life worth living. In this article, we explore what it means to walk with purpose in a world full of noise and distraction.
Slither: Your First Line of Defense in Smart Contract Security
Slither: A powerful static analysis tool that scans smart contracts for vulnerabilities, maps attack surfaces, and visualizes code relationships—essential for efficient security auditing and penetration testing of blockchain applications.
Fuel for the Ritual: Gas Mechanics and Misfires in Web3
Learn how poor gas management can break smart contracts, open attack vectors, and waste resources. We explore real examples, test cases, and practical tips to help you audit and optimize gas usage like a pro—without burning your mana.
Strengthening Smart Contracts: Unit Testing, Fuzzing, and Invariant Testing with Foundry
We explore unit testing, fuzzing, and invariant testing in smart contracts to detect vulnerabilities and enhance security before deployment, using Foundry for automated and effective testing.
Hacking ERC-20: Pentesting the Most Common Ethereum Token Standard
ERC-20 tokens power Ethereum, but poor implementations can be riddled with vulnerabilities. From integer overflows to reentrancy and front-running attacks, pentesters must scrutinize contracts. This chapter explores key flaws, exploits, and Foundry-based testing to break and secure ERC-20 tokens. 🚀
selfdestruct Unleashed: How to Hack Smart Contracts and Fix Them
Explore how Ethereum’s powerful selfdestruct function can be exploited to bypass deposit restrictions and drain smart contract funds. This guide breaks down a real-world attack, explains the vulnerability, and provides actionable steps to secure contracts against similar exploits.
UUPS Proxies: A Double-Edged Sword – Efficient Upgrades, Hidden Risks
In this chapter, we explore UUPS Proxies, their efficiency, and security trade-offs compared to Transparent Proxies. We break down their architecture, deployment, and common vulnerabilities. We also examine Beacon, Minimal, and Diamond Proxies, analyzing their risks and real-world use cases. 🚀
Transparent Proxies: The Key to Upgradeable Contracts Without Breaking a Sweat
Transparent Proxies allow smart contracts to be upgraded without changing their address, forwarding calls to implementation contracts while preserving state. In this chapter, we deployed, interacted with, and upgraded a proxy, exploring its architecture and benefits.
The Magic and Mayhem of delegatecall: A Deep Dive into Solidity’s Most Powerful Feature
delegatecall is a powerful Solidity feature enabling one contract to execute another’s code while using its own storage. This flexibility allows for upgradable designs but poses risks like storage overwrites and exploits. Learn how it works, its pitfalls, and how to mitigate them effectively.
Secrets in the Open: Unpacking Solidity Storage Vulnerabilities
This chapter explores Solidity's storage vulnerabilities, showcasing how attackers exploit them and proposing solutions like hashing, off-chain storage, and dynamic secrets to secure smart contracts.
Breaking the Bank: Exploiting Integer Underflow in Smart Contracts
This chapter explores an integer underflow vulnerability in the DecentralizedBank contract. Using Anvil and a Bash script, we simulate an attack where the attacker inflates their balance due to a logic flaw and withdraws 5 ETH, showcasing the importance of proper validation in smart contracts.
From Front-Running to Sandwich Attacks: An Advanced Look at MEV Exploits
In this chapter, we explored the mechanics of Sandwich Attacks using a vulnerable smart contract. We deployed the contract, simulated a victim's transaction, and automated the attack with a Python bot. Key takeaways include understanding slippage, private relayers, and dynamic pricing as defenses.
Breaking the Bet: Simulating Flash Loan Attacks in Decentralized Systems
Explore how flash loan vulnerabilities impact decentralized systems through the DragonBet contract. Learn about AMMs, token pricing, and manipulation strategies. Dive into a simulated attack and discover key techniques to secure smart contracts against exploitation.
Simulating Front-Running Attacks in Ethereum: A Deep Dive with Foundry and Anvil
This article explores front-running vulnerabilities in Ethereum smart contracts using the BiomechanicalRace case study. It simulates attacks with Anvil, Cast, and a custom validator, analyzing gas price impacts and proposing secure design solutions like commit-reveal schemes to prevent exploits.
The Traitor Within: Reentrancy Attacks Explained and Resolved
This chapter explores reentrancy attacks in Ethereum, showcasing vulnerabilities in smart contracts and how they can be exploited using Foundry for testing. We demonstrate the attack strategy, implement a fix to secure the contract, and emphasize best practices for robust Solidity development.
Refunds Gone Wrong: How Access Control Flaws Can Drain Your Contract
This article explores a smart contract access control vulnerability using the Magic Item Shop example. By demonstrating an exploit due to missing ownership checks, we highlight the importance of verifying caller authorization, rigorous testing, and secure coding practices to protect contracts.
Exploiting Predictable Randomness in Ethereum Smart Contracts
This chapter examines how attackers can exploit predictable randomness in a lottery contract, using Ganache to simulate the attack. It highlights the vulnerability of on-chain randomness and suggests secure solutions like Chainlink VRF.
Pentesting Web3: Setting Up a Smart Contract Testing Environment
Web3 transforms the internet with decentralization via blockchain, empowering users over data and security. This article covers blockchain basics, smart contracts, security risks, common vulnerabilities, and lays groundwork for upcoming articles on Web3 attacks and secure development practices.
Patching Native Libraries for Frida Detection Bypass
In this chapter, we learned to patch a native library to bypass Frida detection. We explored decompiling the APK, modifying the detection function’s flow, recompiling the APK, and testing the bypass, highlighting the limits of basic obfuscation.
Enhancing Android Security with Native Libraries: Implementation and Evasion Techniques
Native libraries in Android boost security by adding low-level defenses, making bypass attempts harder. Still, tools like Frida can evade these measures. The next chapter will cover advanced techniques, including reverse engineering, to overcome tougher security setups.
Securing Biometric Authentication: Defending Against Frida Bypass Attacks
This article explains how attackers use Frida to bypass biometric authentication and how to defend against it. By understanding the Android Keystore, CryptoObject, and encryption, we implement security measures to protect sensitive data and strengthen biometric authentication in Android apps.
Cracking Android Biometric Authentication with Frida
In this chapter of the Android pentesting series, we implemented local authentication using the BiometricPrompt API and demonstrated how it can be bypassed using Frida on a rooted emulator. We highlighted the importance of securing authentication to prevent bypass attacks.
Linking with Confidence: Securing Deep Links in Android Applications
Explore the power and security of deep links in Android. Understand traditional and app links, identify vulnerabilities, and learn to exploit them using the "InsecureShop" app. Secure your deep links with URL validation, strict intent filters, and HTTPS to protect against potential threats.
Mastering Android Activity Hacking: Techniques and Tools
This article explores using Objection to investigate and manipulate Android activities. It highlights uncovering hidden features, exploiting vulnerabilities like insecure JWTs, and the importance of securing applications to protect against significant security risks.
Cracking the Code: Exploring Reverse Engineering and MobSF for Mobile App Security
In this chapter, we decoded server responses through APK reverse engineering, uncovering obfuscation techniques. We also introduced MobSF for automated security analysis, identifying vulnerabilities and enhancing the security posture of mobile applications.
Exploring Android File System and Log Vulnerabilities
In this chapter, we explored Android file system security using the com.app.damnvulnerablebank app. We identified JWT vulnerabilities and analyzed key directories. Next, we'll examine the app's encryption algorithm to see if we can access other users' data using JWTs.
Comprehensive Android Security Testing: Patching, Objection, and API Backend
This article explores advanced Android pentesting: patching apps to bypass security, using Objection for real-time inspection, and configuring backends with Docker Compose. These techniques enable deeper analysis and better vulnerability detection.
Mastering Mobile Security: A Guide with Damn Vulnerable Bank
The article discusses using "Damn Vulnerable Bank" to teach mobile app security, focusing on setup, OWASP guidelines, and tools like APKTool and Frida for practical insights.
From Chaos to Clarity: The Art of Fuzzing with Nuclei
Embarking on a cybersecurity journey, we explore creating custom Nuclei templates for detecting SQLi in POST requests, leveraging mitmproxy for testing. This endeavor enhances our digital defenses by merging Nuclei's precision with fuzzing's unpredictability.
Harnessing the Power of Nuclei: A Guide to Advanced Vulnerability Scanning
Nuclei, a standout in cybersecurity, offers template-driven vulnerability scanning. Enhanced by community collaboration, it's crucial for proactive defense. For deeper insights, visit Project Discovery's guide to unlock Nuclei's full potential and stay ahead in cybersecurity.
From Novice to Ninja: Proxy Techniques in Pentesting
Embark on a voyage through proxy-powered web penetration testing. From configuring mitmproxy to uncovering vulnerabilities in real-world applications, discover the tools and tactics essential for navigating the ever-evolving cybersecurity landscape.
API Safeguards: Mastering Rate Limiting and GraphQL Security
Exploring API security, this chapter covers rate limiting in REST APIs and dives into GraphQL vulnerabilities. It includes setting up a "Damn Vulnerable GraphQL Application" lab, testing with Altair, and emphasizes the importance of robust security measures in API design and testing.
The Art of Fuzzing: Navigating Web Security with Advanced Testing Strategies
Explore fuzzing in web pen testing, from uncovering directories to attacking login portals and finding vulnerabilities, utilizing tools like ffuf.
Katana in Action: Enhancing Security Audits Through Effective Web Crawling
Explore advanced crawling techniques for web security audits, focusing on tools like Katana and proxies to uncover hidden vulnerabilities and secure web applications effectively.
Web Application Hacking Fundamentals: Starting the Journey
We delve into web app hacking basics, covering essential tools, OWASP Juice Shop lab setup, and key skills in Linux, Python, and security. The first step towards mastering web security.
Unveiling Shadows: Navigating the Risks of Unauthenticated API Access and Excessive Information Exposure
This article explores Unauthenticated API Access and Excessive Information Exposure, highlighting tools like Burp Suite, Autorize, and Aquatone for identifying and mitigating these vulnerabilities in API security.
Active Directory Pentesting Methodology: Crafting Strategies for Success
In this series, we delved into Active Directory fundamentals, covering essential concepts, advanced reconnaissance, privilege escalation, lateral movement, and domain dominance. We explored techniques like Pass the Hash, Pass the Ticket, and Golden Ticket for comprehensive network penetration.
API Security Under the Microscope: Unmasking Mass Assignment and Broken User Authentication
This chapter delves into Mass Assignment and Broken User Authentication, offering insights on identifying and mitigating these API vulnerabilities. Gain strategies to secure your digital assets and enhance your cybersecurity posture.
Securing the Gates: Mastering BOLA and BFLA in API Security
Explore BOLA and BFLA in API security. Uncover how BOLA leads to unauthorized data access and BFLA allows executing restricted functions. Through practical demonstrations with OWASP's crAPI, understand the critical need for stringent authorization in APIs.
Three Keys to the Kingdom: Uncovering the Roles of Account Operators, Backup Operators, and Event Log Readers in Offensive Security
Discover the roles of Account Operators, Backup Operators, and Event Log Readers in Active Directory security. Learn about their privileges, vulnerabilities, and ethical ways to manage and mitigate risks in our comprehensive series.
Decoding JWT: Unveiling Vulnerabilities in API Security
Dive into JWTs in API hacking: Explore a key vulnerability, learn tools like jwt_tool and Burp Suite, and understand the 'what-ifs' in security, like altering roles. For more, visit Burp Suite's site. Stay curious in cybersecurity!
Unveiling API Hacking: A Methodological Journey Through Recognition and Exploration
Embark on the "Hacking APIs" journey—setting up a dynamic lab, applying OWASP methodologies, and conducting potent brute force tests on crAPI. Stay tuned for the next chapter, delving into precise login portal testing to fortify application security.
Navigating SeImpersonatePrivilege and Unleashing Remote Code Execution
Explore the intrigue of Windows privilege escalation in Chapter 13 of #ActiveDirectory Chronicles. Join SeImpersonatePrivilege and JuicyPotato on a journey of ethical hacking, hands-on labs, and real-world exploits in the dynamic realm of cybersecurity.
ROP Magic: Exploiting Linux Binaries with ret2libc
Discover the art of ROP in binary exploitation. From buffer overflows to crafting a "/bin/sh" execution using libc gadgets, this article provides insights into bypassing security measures and mastering exploit development with practical examples.
Time to Rise: Privilege Escalation Chronicles – Unveiling Windows Scheduled Task Exploits
Explore how misconfigured Windows scheduled tasks can lead to privilege escalation. Learn to set up a lab, identify vulnerabilities, and execute an attack for comprehensive understanding.
Path to Power: Unleashing Windows Privileges through Unquoted Service Paths
Explore Unquoted Service Path, a Windows privilege escalation vulnerability. Learn to set up labs, use detection tools, and execute attacks for hands-on understanding and defense.
DLL Hijacking: Understanding, Detecting, and Exploiting Privilege Escalation on Windows
In this guide, we explore DLL hijacking for privilege escalation in Windows. It covers detecting vulnerabilities using Winpeas, creating a malicious DLL, and overcoming User Account Control (UAC) obstacles, demonstrating real-world implications.
Mastering Binary Exploitation: Unleashing the Power of Format String and Buffer Overflow
In this chapter, we explore binary exploitation, focusing on buffer overflow and format string vulnerabilities. Using radare2, we pinpoint key memory addresses and adjust character counts in our exploit, overcoming challenges like unexpected compiler behavior.
Mastering Format String Exploits: A Comprehensive Guide
Explore the intricacies of format string vulnerabilities in C programming. Learn their risks, exploit development with radare2, and crafting Python exploits. Gain crucial insights into secure coding practices.
Active Directory Enumeration: Automated and Manual Techniques for Privilege Escalation
Explore Active Directory enumeration and privilege escalation techniques, using tools like BloodHound for automatic insights and PowerView for stealthy, manual analysis in complex network environments.
Mastering Active Directory Pivoting: Advanced Techniques and Tools
In this chapter, we explore advanced network pivoting techniques, using tools like Chisel and SSH in a lab setup. We focus on local and remote port forwarding and dynamic port forwarding for practical cybersecurity skills development.
Building an Adaptable Hacking Lab: Subnets, Static IPs, and Services
This article covers setting up subnets, static IPs, firewalls in Proxmox, and configuring Windows, Kali, Ubuntu servers. It includes Docker setup for web service deployment, creating a versatile cybersecurity lab environment.
Configuring a Proxmox-Based Hacking Lab: Active Directory and Windows Setup
In this chapter, we finalize driver setups for Windows in Proxmox and configure an Active Directory for practice attacks. We cover driver installation, domain controller setup, certificate services, user creation, and SMB enablement, preparing a complete hacking lab environment.
Advanced Exploits: Overcoming Restrictions with GOT and PLT
Expanding Exploit Techniques: This chapter delves into complex exploit scenarios, utilizing GOT and PLT knowledge to bypass advanced code restrictions, enhancing our toolkit with dynamic function resolution strategies.
Decoding Kerberos: Understanding the Authentication Process and Main Attacks
Explore Kerberos' mechanics and key attacks in a lab setting. Learn the authentication steps, and master techniques like Kerberoast and Golden Ticket for practical cybersecurity skills.
Exploiting Buffer Overflow: Crafting Interactive Shell Exploits with Shellcode
This chapter combines shellcode knowledge and buffer overflow exploitation to gain shell access through a vulnerable program. It includes using pwndbg for detailed analysis and advanced pwntools for crafting effective exploits, bridging theory and practice.
Shellcode Mastery: Crafting, Optimizing, and Debugging Assembler Code
Explore shellcode development: Learn assembler programming for creating efficient, compact shellcodes, avoid null character issues, and use diagnostic tools like radare2 and strace for effective troubleshooting.
Python for Web Hacking: Harnessing ipython3 and Building Custom Functionalities
Discover Python's power in hacking web apps: Learn ipython3 use, scripting for authorization tests and brute force attacks, and effective error troubleshooting with practical, hands-on examples.
Mastering NTLM: Exploring Authentication, Vulnerabilities, and Exploits
In this guide on NTLM, Microsoft's authentication protocol, we explore its three-step process and delve into various attacks like 'Pass the Hash' and NTLM Relay. Techniques like reconnaissance, credential validation, and hash retrieval are examined, highlighting NTLM's role in network security.
Exploring Buffer Overflow Exploits: A Practical Guide with Dynamic Analysis
We explore vulnerable code, disabling defenses and utilizing radare2 for dynamic analysis. Focusing on 'strcpy' and the 'Smash the Stack' attack, we manipulate a buffer to alter 'modified'. The article covers buffer overflow, debugging, and the significance of testing various payloads.
User-Centric Pentesting: Unveiling Secrets with PowerView and PowerSploit
Explore Active Directory in-depth: Learn to identify key user accounts, decrypt secrets with NT/LM hashes and Kerberos keys, understand computer accounts, and strategically manage user groups for effective penetration testing.
Exploring ELF Binary Dynamics: Relocations and Sections in Depth
Explore ELF binaries in Linux: Understand disassembly, sections like .text and .init, and dynamic linking with the PLT and GOT. Uncover memory management, variables in .bss, .data, and .rodata, and delve into lazy binding for efficient, secure code execution.
Windows Authentication Deep Dive: Unveiling Protocols, Credential Storage, and Extraction Techniques
This chapter explores Windows authentication, SSO, and credential extraction. It covers protocols like Kerberos, NTLM, and Mimikatz for retrieving credentials. LSA and SAM play vital roles, and PowerShell history can reveal digital footprints. LaZagne is a tool for credential recovery.
Decoding the Compiler: A Deep Dive into the Phases of C Code Compilation
The C compilation process encompasses preprocessing, compiling to assembly, assembling to machine code, linking object files, and managing libraries. Symbols are key for functions and variables. Each phase contributes to creating efficient software for C programmers.
Exploring the API Realm: An Introductory Guide to Recognition in RESTful and GraphQL APIs
Explore the world of APIs in this series covering Restful and GraphQL paradigms. Learn about JSON, API recognition, versioning, and Introspection Query for GraphQL.
Dancing with Functions: Unraveling the Assembler Function Convention in x32
Explore x32 function calling, the dance of frame pointers, and the ballet of call instructions. Each segment crafts an eloquent narrative in the intricate performance on the stack. Witness the artistry of assembly language unfold.
Mastering Windows Remote Secrets: Techniques and Tools for Unveiling Hidden Realms
Explore Windows machines in Active Directory: From LDAP insights to SMB mastery, remote access tools like PsExec, Python's pypsexec, and WinRM empower seamless control and discovery within the Windows domain landscape.
Embarking on the Exploration: Fundamentals of Binary Exploitation on Linux
Introduction Embarking on a journey to unravel the intricacies of binary exploitation techniques, I'm excited to share my experiences in this series. While it's admittedly one of the trickier topics to tackle, especially for beginners, I've decided to take the plunge in 2023! 😅 My guide of choic...
Unveiling the Secrets of Domain Controllers: A Journey into Active Directory Security
Introduction In this journey through Active Directory security, we immerse ourselves in the pivotal role of Domain Controllers (DC). Positioned as central servers housing Active Directory Domain Services (AD DS), DCs play a fundamental role in maintaining the New Technologies Directory Services (...
Building Your Hacking Playground: Proxmox Unveiled and Windows Symphony
Introduction Welcome to the kickoff of our series, where I'll guide you through the art of setting up a dynamic hacking practice environment. This first post is all about laying the groundwork for a potent Windows hacking practice arena using Proxmox. Excitingly, in the chapters to come, we'll un...
Initiating the Active Directory Odyssey: Unveiling Key Concepts and Building the Foundations
Introduction to the series Embark on a journey through the first post of this blog, where we unravel the intricacies of Active Directory. This topic, a personal favorite and a recurrent element in offensive security projects, takes center stage in our exploration. A year ago, I initiated the Igri...