MananUncommon Physical Breach to Domain Admin CompromiseRecently, during one of a red team engagement, i found myself completely stuck as the defenses of the enterprise’s external perimeters were…5d ago5d ago
MananMicrosoft Devtunnel with Havoc C2During an internal red team engagement, i didn’t have any access to CDN, redirector or reverse proxy. I just had a Windows Laptop and a…May 6May 6
MananVulnLab SideCar WalkthroughSidecar, involved two machines WS01 and DC01, rated as hard. Initial access to WS01 was gained by uploading a shortcut file, carefully…Dec 22, 2023Dec 22, 2023
MananLateral movement between two domains without abusing Trust Relationships.Recently during a red team activity, i came across a situation where i had compromised domain admin of Domain A(let’s say abc.local)Aug 20, 20231Aug 20, 20231
MananUsing Rubeus to change the password “STATUS_PASSWORD_MUST_CHANGE”So recently while solving a lab, i came across a situation where i had a bidirectional trust between two domains that is between domain A…Aug 8, 2023Aug 8, 2023
MananHeapdump to account takeover to PII Data LeakSo recently while testing few of the web applications i found a whitelabel error page which showed 404 as shown below that too on an api…Jul 29, 20231Jul 29, 20231