Exploiting Microsoft Windows Active Directory Certificate Service | CVE-2022-26923
Introduction We covered the recent vulnerability CVE-2022-26923 that affected Microsoft Windows Active Directory Certificate Service which allowed for local…
CVEs and Public Exploits
Understanding PrintNightmare Vulnerability | (CVE-2021-1675) and (CVE-2021-34527)
Introduction Per Microsoft, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file…
Numeric SQL Injection Vulnerability | OWASP Webgoat Lab
In this post, We demonstrated numeric SQL Injection Vulnerability using OWASP WebGoat Lab. Numeric SQL injection is the same…
Investigating Conti Ransomware on Microsoft Exchange with Splunk | TryHackMe
In this post, we investigated the Conti ransomware that hit Microsoft Exchange via a series of vulnerabilities. We used…
Exploiting Server Side Request Forgery (SSRF) | HackTheBox Kotarak
In this post, we demonstrated how to exploit SSRF to discover internal hidden services. We performed privilege escalation using…
The ShellShock Vulnerability Explained | HackTheBox Shocker
Shellshock vulnerability allows for remote code execution using shell callouts to bash below 4.3. payload can be sent simply…
The Log4j Vulnerability Explained
We demonstrated the detection and discovery of the recent Apache Log4j Vulnerability CVE-2021-44228 in addition to exploitation, mitigation and…
How to test if your exchange server is compromised and vulnerable
Premise In this post, I will briefly talk about testing your on-premises Microsoft exchange server is vulnerable to CVE-2021-26855,…