Published inR3d Buck3T·May 17How to Abuse Resource-Based Constrained Delegation to Gain Unauthorized AccessLearn how to exploit this security risk to gain unauthorized access to resources on the Active Directory domain. Resource-based constrained delegation is a security feature in Active Directory that allows one service or system to delegate its authentication authority to another service or system, granting it limited access to specific…Cybersecurity11 min readCybersecurity11 min read
Published inR3d Buck3T·Mar 3Cross-Origin Resource Sharing (CORS) Testing GuideIdentifying CORS Vulnerabilities: Common Attack Vectors and Mitigation Strategies All web browsers implement a security model known as the Same-Origin Policy (SOP) that restricts domains from accessing and retrieving data from other domains’ resources. …Cybersecurity12 min readCybersecurity12 min read
Published inR3d Buck3T·Jan 11External Penetration Testing MethodologyHow to run an External Pentest Assessment An external penetration test is a security assessment that simulates an attack on an organization’s systems and defenses from the internet. …Security8 min readSecurity8 min read
Published inR3d Buck3T·Dec 22, 2022Active Directory Lab (Part 2) — Configuring Active Directory ServicesConfigure Active Directory Domain Services and Automate Domain Users Creation with PowerShell A domain controller is a server responsible for managing network access, verifying user credentials, and enforcing security policies. …Infosec10 min readInfosec10 min read
Published inR3d Buck3T·Dec 12, 2022Active Directory Lab (Part 1) — Windows Server 2022 SetupActive Directory is essential to internal penetration testing as most organizations use it for their Windows infrastructure. As security professionals, we need to learn about this technology and understand the attacks that can be carried out against it. In this post and the upcoming ones, we will learn more about…Cybersecurity8 min readCybersecurity8 min read
Published inR3d Buck3T·Nov 15, 2022Domain Escalation with Token ImpersonationToken Impersonation with Delegation Tokens — MITRE ATT&ACK — Access Token Manipulation T1134 Token impersonation is a Windows post-exploitation technique that allows an attacker to steal the access token of a logged-on user on the system without knowing their credentials and impersonate them to perform operations with their privileges. This…Cybersecurity6 min readCybersecurity6 min read
Published inR3d Buck3T·Jul 16, 2022DLL Injection Over SMB ServicePrivilege Escalation & Defense Evasion — MITRE ATT&CK (T1055) Dynamic Link libraries, knowns as DLLs, are blocks of code containing data that provide instructions on how to run programs within the Windows system. If the DLLs are malicious, they can execute arbitrary code in memory and perform various nefarious operations. …Hacking4 min readHacking4 min read
Published inR3d Buck3T·Apr 24, 2022Domain Takeover with PetitPotam Exploitdomain escalation from a low-privileged user to a domain admin Petitpotam is a vulnerability that allows a domain user to take over domain controllers through triggering authentications using the MS-EFSRPC protocol. The vulnerability lies in the insufficient path checks in the EfsRpcOpenFileRaw function of the EFSRPC API that allows an…Hacking11 min readHacking11 min read
Published inR3d Buck3T·Mar 9, 2022Attacking Kerberos Constrained DelegationTrust this user/computer for delegation to specified services only Delegation is the act of giving someone authority or responsibility to do something on behalf of someone else. …Cybersecurity8 min readCybersecurity8 min read
Published inR3d Buck3T·Feb 19, 2022Breaking Domain Trusts with Forged Trust TicketsAbuse Active Directory domain trusts for privilege escalation to Enterprise Admin In the previous post about enumerating domain trusts, we discussed trust relationships between domains and forests. …Cybersecurity5 min readCybersecurity5 min read
