Kerberos authentication is one of the cores of the AD, knowing how it works facilitates the deep understanding of many attacks.

In order to understand attacks such as Pass the hash, relaying, Kerberos attacks, one should have pretty good knowledge about the windows Authentication / Authorization process.
That’s what we’re going to achieve in this series.
In this part we’re discussing the different types of windows hashes and focus on the NTLM authentication process.

We decided to look at the most popular on-premise helpdesk solutions. In this article we explain how we managed to find and exploit multiple vulnerabilities that eventually lead to remote code execution (RCE) at DeskPro software utilized by thousands of organizations using Bitdefender and Freelancer Inc in a case study. No full exploit is currently available, but steps can be easily reproduced and used to build one.

  Part of an upcoming series trying to shed the light on attacks targeting Microsoft Kerberos implementation in Active Directory …

A writeup regarding exploiting SQL injection issue in an insert query while it wasn’t possible to use a comma at my payload at all.

Two recently discovered vulnerabilities affecting SHAREit Android application <= v 4.0.38. The first one allows attacker to bypass SHAREit device authentication mechanism, and the other one enables authenticated attacker to download arbitrary files from user's device. Both vulnerabilities were reported to the vendor and patches have been released.

Extracting data without knowing columns names from MYSQL < 5 or in case of WAF blacklisting sending information_schema in the request