R3d Buck3T
Penetration Testing, Vulnerability Assessment and Red Team Learning
Latest
DLL Injection Over SMB Service
Privilege Escalation & Defense Evasion — MITRE ATT&CK (T1055)
Nairuz Abulhul
Jul 15
Featured Articles
Domain Takeover with PetitPotam Exploit
Domain escalation from a low-privileged user to a domain admin
Nairuz Abulhul
Apr 23
Attacking Kerberos Constrained Delegation
Trust this user/computer for delegation to specified services only
Nairuz Abulhul
Mar 9
Attacking Kerberos Unconstrained Delegation
Trust this user/computer for delegation to any service
Nairuz Abulhul
Feb 8
Attacking Service Accounts with Kerberoasting
Forge Service Tickets (TGS) with Kerberoasting MITRE ATT&CK ID: T1558.003, Active HTB machine
Nairuz Abulhul
Feb 2
Play with Hashes — Over Pass The Hash Attack
Lateral Movement Attack in Active Directory Environment, MITRE ATT&CK — ID: T1550.00
Nairuz Abulhul
Jan 29
Web Security
Eval(“console.log(‘RCE Warning’)”)
Remote Code Execution in Node.js using the Eval function — Dibble
Nairuz Abulhul
Oct 30, 2021
XSS to Exfiltrate Data from PDFs
Inject Server-Side XSS into dynamically generated PDFs
Nairuz Abulhul
Jul 3, 2021
Bypass Authentication with SQL Truncation Attack
Injection Attacks, SQL Truncation, OWASP Top 10
Nairuz Abulhul
Jun 23, 2021
Bypass IP Restrictions with Burp Suite
Automatically add headers to all Burp requests to bypass basic WAF rules
Nairuz Abulhul
May 26, 2021
Top 10 Tips for Burp Suite
Collection of useful features in Burp Suite Application
Nairuz Abulhul
Feb 21, 2021
What to do with XXE Vulnerability ?!!
Enumeration, Data Exfiltration, and SSRF Attacks
Nairuz Abulhul
Jan 14, 2021
Exploiting Remote File Inclusion with SMB
Recently working on the Sniper machine on hack the box, I came across a technique of exploiting a remote file inclusion on a PHP…
Nairuz Abulhul
Dec 29, 2020
Abusing SSRF on Selenium Grid
Basic Server-Side Request Forgery on Selenium Grid Framework
Nairuz Abulhul
Dec 4, 2020
Target:_blank → Tabnapping Attack
Why should we care!! How to leverage this flaw in social engineering attacks?
Nairuz Abulhul
Jun 10, 2020
Digging into Local File Inclusion
Basic methodology to approach LFI vulnerability when Pentesting a Web Application
Nairuz Abulhul
Jun 20, 2020