This is going to be a quick post on some tips that will make your BloodHound analysis much more fluid and painless 😎. …

Original blog post: Exploiting Unconstrained Delegation TLDR;Nothing new under the sun, this post is just part of my series of experiments and practice of active directory…blog.riccardoancarani.it Unconstrained Delegation + The Printer Bug = DCSync TLDR; Nothing new under the sun, this post is just part of my series of experiments and practice of active directory exploitation. We’re going to exploit the well-known issue of Kerberos Unconstrained Delegation using the Printer Bug.

Original blog post: Review of Attacking and Defending Active Directory Intro Today we're going to make a quick review of the course I recently purchased: Attacking and Defending Active…blog.riccardoancarani.it Today we’re going to make a quick review of the course I recently purchased: Attacking and Defending Active Directory offered by PentesterAcademy. You can find the course here: https://www.pentesteracademy.com/activedirectorylab

The original blog post: eLearnSecurity Penetration Testing eXtreme Review The eLearnSecurity Penetration Testing eXtreme or PTX is the most advanced offensive course offered by eLearnSecurity…blog.riccardoancarani.it The eLearnSecurity Penetration Testing eXtreme or PTX is the most advanced offensive course offered by eLearnSecurity. You can find the official course page here. …

Original blog post: Attacking Docker exposed API Today we are going to explore some of the security risks associated with Docker, specifically we are going to examine…blog.riccardoancarani.it Intro Today we are going to explore some of the security risks associated with Docker, specifically we are going to examine the consequences of exposing the native Docker API to the external world. By default when you install docker on a host, you can access the docker API only…

Today we are going to chain two nice exploits: Bad PDF and SMB Relay. We hope to gain a few shells just by tricking a user to open a PDF file, awesome isn’t it? Let’s see how to make everything work! You can find the original blog post here: Bad PDF + SMB Relay = ❤ Today we are going to chain two nice exploits: Bad PDF and SMB Relay. We hope to gain a few shells just by tricking a…blog.riccardoancarani.it

What is this? Another boring post on OSCP? Yup. — You can read the original post in my personal blog, check it out! OSCP Review What is this? Another boring post on OSCP? Yup. As you may already know, after you complete the order you receive the…blog.riccardoancarani.it The material As you may already know, after you complete the order you receive the material from OffSec: - A 400 page PDF that guides you through the pentesting process. - ~8h of video materials, the content is not totally overlapped…

An informal review of one of the top penetration testing certification out there — Intro FIrst of all, what am i going to talk about? eLearnSecurity Professional Penetration Testing (PTP from now) is a course offered from eLearnSecurity, a company based in Dubai, Santa Clara and… Pisa. Yeah Pisa always makes me smile, mainly because I am from Florence (the historical enemy of Pisa, you know…

Part 1: Abusing Old Elasticsearch — Today I put my hands on a new toy called Metasploitable3, the successor of Metasploitable2. For those who don’t know what Metasploitable is, it’s a intentionally vulnerable VM built by Rapid7 for training/testing, you can find it here. I’m really glad that Rapid7 guys came out with this new (well…