Infrastructure

This section focuses on the techniques used to perform penetration testing against modern IT infrastructure. Articles cover various topics including on‑premises enterprise environments, cloud systems, wireless networks and mobile platforms.

• Model Context Protocol
  Using Local LLM’s to perform NMap scans.
• Just Enough Administration (JEA)
  Exploiting PowerShell JEA configurations.
• dMSA Abuse
  Exploiting dMSA accounts to become domain administrator.
• Kerberos Authentication Service Cracking
  Intercepting and cracking AS-REQ & AS-REP packets.
• Attacking Machine Accounts
  Assuming machine account identities.
• 802.1X
  Attacking 802.1x port authentication.
• Exploiting IOS-XE
  Exploiting Cisco IOS Extended Edition.
• Dynamic DNS
  Exploiting dynamic DNS updates.
• Alternative C2 Agents
  A look at various open source C2 agents.
• Android Penetration Testing
  Exploiting common Android vulnerabilities.
• Android Certificate Pinning
  Bypassing Android certificate pinning using Objection.
• MobSF
  Identifying common security issues in mobile applications.
• Exploiting Webmin
  Exploiting common Webmin vulnerabilities.
• VLAN Attacks
  Performing VLAN hopping attacks.
• First Hop Redundancy Protocols
  Exploiting VRRP & HSRP.
• CAM Table Overflow Attacks
  Exceeding a network switches CAM table to intercept traffic.
• WebClient Privilege Escalation
  Relaying WebClient Connections to LDAP become a local administrator.
• Microsoft Configuration Manager
  Pentesting SCCM.
• Remote Registry Service User Enumeration
  Identifying users logged into a remote host.
• Pentesting X11
  Compromising open X Window System servers.
• Obfuscating Command Line Arguments
  Encoding command line arguments to evade detection.
• Active Directory Persistence
  Maintaining access to an Active Directory environment.
• Forged Kerberos Tickets
  Generating forged Kerberos gold, silver and diamond tickets.
• Active Directory Schema Modification
  Changing default security descriptor properties to escalate from a child to parent domain.
• Attacking MSSQL
  Compromising MSSQL databases, and escalating privileges.
• Golden gMSA Attacks
  Extracting gMSA service accounts from child domains.
• SID History Abuse
  Modifying SID History values to compromise parent domains.
• Backup Operator Privilege Escalation
  Extracting domain controller credentials using the Backup Operators group.
• Active Directory Explorer
  Using Microsoft AD Explorer to collect Active Directory attack path information.
• Active Directory DACL Attacks
  Exploiting misconfigured Active Directory access control lists.
• Entra ID Connect
  Extracting credentials from Azure Entra Connect.
• Coerced Authentication
  Persuading Windows hosts to provide machine account credentials.
• IPv6 Penetration Testing
  Testing IPv6 security.
• Bypassing Multi Factor Authentication
  Intercepting multi factor authentication credentials using an Nginx reverse proxy.
• Phishing
  Sending Phishing emails to capture login credentials.
• Terraform
  Using Terraform to deploy testing infrastructure & auditing Terraform configuration files.
• 802.11 Wireless Attacks
  Ways of gaining access to WPA-PSK networks.
• Cobalt Strike
  Getting started with Cobalt Strike.
• Kerberos Delegation Attacks
  Exploiting constrained, unconstrained and resource based delegation.
• Kubernetes Penetration Testing
  Security testing for Kubernetes clusters.
• Docker Penetration Testing
  Performing security audits of Docker instances.
• Linux Privilege Escalation
  Privilege escalation techniques for Linux hosts.
• Windows Privilege Escalation
  Privilege escalation techniques for Windows hosts.
• Bypassing LSA Protections
  LSA protections and related bypass methods.
• Packet Capture with Native Tools
  Capturing network traffic with pktmon and netsh.
• Password Cracking
  Using hashcat to reveal Windows passwords.
• Active Directory Certificate Services
  Using AD CS certificates to achieve persistence in an Active Directory environment.
• Extracting NTLM Hashes With User Privileges
  Extracting NTLM hashes without the need for Mimikatz.
• Offensive Security Experienced Penetration Tester (OSEP) Review
  A review of the Evasion Techniques and Breaching Defences course by Offensive Security.
• NTLM Relay Attacks
  Performing NTLM relay attacks using SMB and LDAP.
• Pentest One Liners
  A list of one line commands for Windows to download and execute payloads.
• Credential Interception Using Malicious SMB Shares
  How to intercept NTLM-SSP hashed credentials for offline cracking.
• Casino Royale CTF
  A walkthrough for VulnHub’s Casino Royale CTF.
• GoldenEye CTF
  A writeup of the VulnHub GoldenEye capture the flag (CTF) challenge.
• Extracting Windows Credentials Using Native Tools
  How to extract credentials from Windows systems using built in commands.
• Kerberoasting
  Kerbroasting to extract service account credentials.
• Lateral Movement With Named Pipes
  A demonstraton of named pipe communication using Meterpreter.
• Session Enumeration With NetSessionEnum API
  How to take advantage of the NetSessionEnum API to determine remotely logged in users.
• BloodHound
  Using BloodHound to exploit Active Directory based networks.