Homepage
Open in app
Sign in
Get started
R3d Buck3T
Penetration Testing, Vulnerability Assessment and Red Team Learning
Web Security
Cloud Security
Active Directory
Network Security
Wireless
Archive
About
GitHub
Follow
Latest Articles
Payload Delivery with Azure Static Website and IPFS Dropper
Payload Delivery with Azure Static Website and IPFS Dropper
Weaponizing InterPlanetary File System and Azure Sites
Nairuz Abulhul
May 22, 2024
Configure Fireprox for IP Rotation using AWS API Gateway
Configure Fireprox for IP Rotation using AWS API Gateway
Unlock the power of the AWS API gateway with Fireprox configuration
Nairuz Abulhul
May 12, 2024
Adding Certificates to Postman & Burp Suite for API Testing
Adding Certificates to Postman & Burp Suite for API Testing
Testing APIs with Certificate-based authentication
Nairuz Abulhul
Apr 30, 2024
Featured Articles
Red Teaming in the Cloud: Deploying Azure VMs for C2 Infrastructure
Red Teaming in the Cloud: Deploying Azure VMs for C2 Infrastructure
A Guide to Deploying Red Team Infrastructure on Azure
Nairuz Abulhul
Dec 14, 2023
Abuse Resource-Based Constrained Delegation to Gain Unauthorized Access
Abuse Resource-Based Constrained Delegation to Gain Unauthorized Access
Exploiting Resource-Based Constrained Delegation for Unauthorized Access [Updated]
Nairuz Abulhul
May 17, 2023
Red Teaming in the Cloud: Installing Mythic C2 on Azure VM
Red Teaming in the Cloud: Installing Mythic C2 on Azure VM
C2 Deployment and Operations — Infrastructure
Nairuz Abulhul
Dec 26, 2023
Trending Articles
XSS to Exfiltrate Data from PDFs
XSS to Exfiltrate Data from PDFs
Inject Server-Side XSS into dynamically generated PDFs
Nairuz Abulhul
Jul 3, 2021
Cross-Origin Resource Sharing (CORS) Testing Guide
Cross-Origin Resource Sharing (CORS) Testing Guide
Identifying CORS Vulnerabilities: Common Attack Vectors and Mitigation Strategies
Nairuz Abulhul
Mar 3, 2023
Quick Overview of Kerberos Authentication
Quick Overview of Kerberos Authentication
Last month, I enrolled in Pentester Academy Active Directory Bootcamp -Beginner’s Edition by Nikhil Mittal. The course covers Active…
Nairuz Abulhul
Jun 4, 2021
Extracting Macros with Oletools
Extracting Macros with Oletools
Analyzing VBA Macros in Microsoft’s OLE2 files
Nairuz Abulhul
Apr 4, 2021
Virtual Host Enumeration for Uncovering Hidden Subdomains
Virtual Host Enumeration for Uncovering Hidden Subdomains
Tools and Techniques for efficient virtual host discovery
Nairuz Abulhul
Nov 28, 2023
Hijacking Relative Paths in SUID Programs
Hijacking Relative Paths in SUID Programs
Linux Privilege Escalation Technique
Nairuz Abulhul
Nov 3, 2020
Certificate-based Authentication over WinRM
Certificate-based Authentication over WinRM
Advanced WinRM Security: Achieving Passwordless Authentication with Certificate-Based Methods
Nairuz Abulhul
Jun 14, 2023
Abusing SSRF on Selenium Grid
Abusing SSRF on Selenium Grid
Basic Server-Side Request Forgery on Selenium Grid Framework
Nairuz Abulhul
Dec 4, 2020
Active Directory Lab (Part 2) — Configuring Active Directory Services
Active Directory Lab (Part 2) — Configuring Active Directory Services
Configure Active Directory Domain Services and Automate Domain Users Creation with PowerShell
Nairuz Abulhul
Dec 22, 2022
Target:_blank → Tabnapping Attack
Target:_blank → Tabnapping Attack
Why should we care !! How to leveraging this flaw in social engineering attacks?
Nairuz Abulhul
Jun 10, 2020
Play with Hashes — Over Pass The Hash Attack
Play with Hashes — Over Pass The Hash Attack
Lateral Movement Attack in Active Directory Environment, MITRE ATT&CK — ID: T1550.00
Nairuz Abulhul
Jan 29, 2022
Linux PrivEsc with Logrotate Utility
Linux PrivEsc with Logrotate Utility
Linux Logrotate Exploitation - affected versions 3.8.6, 3.11.0, 3.15.0.
Nairuz Abulhul
Jul 5, 2021
Kerberos Attacks — AS-REP Roasting
Kerberos Attacks — AS-REP Roasting
Dumping user hashes for Kerberos disabled pre-authentication accounts
Nairuz Abulhul
Jun 6, 2021
Bypass Authentication with SQL Truncation Attack
Bypass Authentication with SQL Truncation Attack
Injection Attacks, SQL Truncation, OWASP Top 10
Nairuz Abulhul
Jun 23, 2021
Error-Based XPath SQL Injection in OpenEMR
Error-Based XPath SQL Injection in OpenEMR
Data Exfiltration in OpenEMR 2018 v5.0.1
Nairuz Abulhul
Nov 15, 2020
Remote & Local Port Tunneling
Remote & Local Port Tunneling
SSH Port Forwarding, Network Pentesting, Pivoting
Nairuz Abulhul
Jan 10, 2021
Domain Takeover with PetitPotam Exploit
Domain Takeover with PetitPotam Exploit
domain escalation from a low-privileged user to a domain admin
Nairuz Abulhul
Apr 23, 2022
CrackMapExec in Action: Enumerating Windows Networks (Part 1)
CrackMapExec in Action: Enumerating Windows Networks (Part 1)
Strategically Mapping Targets inside the Internal Network
Nairuz Abulhul
Sep 20, 2023
Attacking Kerberos Constrained Delegation
Attacking Kerberos Constrained Delegation
Trust this user/computer for delegation to specified services only
Nairuz Abulhul
Mar 9, 2022
Single Sign-On vs. Federation
Single Sign-On vs. Federation
A simple explanation of the difference between Single Sign-On and Federated Authentication
Nairuz Abulhul
May 18, 2020
Exploiting a Misconfigured NFS Share
Exploiting a Misconfigured NFS Share
Network File Shares, Network Exploitation, Metasploitable
Nairuz Abulhul
Sep 6, 2021
Remote Code Execution in OpenNetAdmin
Remote Code Execution in OpenNetAdmin
Exploit Analysis of OpenNetAdmin v18.1.1
Nairuz Abulhul
Oct 19, 2020
Privilege Escalation with Insecure Windows Service Permissions
Privilege Escalation with Insecure Windows Service Permissions
Guide to Privilege Escalation through Insecure Windows Service Permissions.
Nairuz Abulhul
Aug 29, 2023
Breaking Domain Trusts with Forged Trust Tickets
Breaking Domain Trusts with Forged Trust Tickets
Abuse Active Directory domain trusts for privilege escalation to Enterprise Admin
Nairuz Abulhul
Feb 18, 2022
Windows PrivEsc with SeBackupPrivilege
Windows PrivEsc with SeBackupPrivilege
Obtain NTLM hashes in Windows Domain Controller machines
Nairuz Abulhul
Jul 26, 2021
About R3d Buck3T
Latest Stories
Archive
About Medium
Terms
Privacy
Teams