Posts

Showing posts from April, 2024

Active Directory (Part 2)

Basics

Windows Domains

A Windows domain is a collection of networks that are grouped together and share a common directory database. This helps with the central management and organization of network resources, such as user accounts, computers, and other devices. Each domain has its own security policies, which are used to control access to network resources and manage user permissions. The users and computers that are part of a domain are authenticated and authorized to access network resources according to the security policies of that domain.

In AD, domains are hierarchical. A single top-level domain, called the "root domain", sits at the top of the hierarchy. Other domains can be created within the root domain and organized into a tree-like structure. Each domain in the tree is the child of another domain, called the "parent domain". This allows the creation of a large and complex network of domains, each with its own security policies and network resources. Hence,

Active Directory (Part 1)

About

Active Directory from Microsoft is the backbone of the corporate world because it allows easy management of people and devices in a large company. An administrator can use a Windows domain to manage things in a larger company.

A Windows domain is a collection of people and computers managed by a certain company. Basically, it consolidates the management of a Windows computer network's common components under the control of Active Directory (AD). A domain controller (DC) is the server hosting the Active Directory services. Active Directory can be used for: creating and managing user accounts and groups, allowing administrators to control access to network resources and manage user permissions; managing and organizing network resources, like computers, printers, and other devices, making it easier to find and access these resources; and providing a central authentication and authorization service that allows users to access network resources using a single set of login credentials

Windows Privilege Escalation (Part 2 of 2)

Token Impersonation

Token impersonation is an effective approach for a Windows local administrator to impersonate another user and issue commands in the name of that user. Many tools have been created specifically to exploit this vulnerability. Windows has several privileges that, if enabled, may allow an attacker to escalate to SYSTEM. Local users have privileges to carry out specific tasks, like managing volumes, changing the system's locale, and shutting down the system. An access token is used for all security decisions and holds the security identity of a process in Windows. So, whenever there is an attempt to interact with objects that carry security descriptors (securable objects), a user-spawned process or thread will automatically inherit the same token. Impersonation is a technique that allows a process to use another user's token, which can be used if a task requires increased privileges. Service accounts are generally created wi

Windows Privilege Escalation (Part 1 of 2)

Introduction

The term "privileges" refers to the ability of a particular account to carry out actions that are relevant to the system. The Windows operating system makes use of access tokens to make these privileges functional. The token itself comprises all the information, including the user's privileges, needed to define the security environment of a particular user. The Security Identification (SID) is a special number allocated to each object, including tokens, like a user or group account. These SIDs are created and updated by the Windows Local Security. In addition to privileges, Windows also uses an integrity mechanism. It is an essential part of the Windows security architecture and assigns different integrity levels to application processes and securable objects. Hence, the operating system's level of confidence in running apps or securable objects can be described by this. Also, APIs might be restricted to a certain integrity level.

Windows Privileges

An access control

Linux Privilege Escalation (Part 3 of 3)

SUID Executables

SUID is a type of permission that enables a user to execute a file with the owner's privileges. There are many legitimate reasons for setting this permission. For example, the ping program requires root access to open a network socket, but regular users may also use it to check connectivity with other servers. Because many existing binaries and tools carry the SUID permission, they can be used to elevate rights to root. Some of the Linux executables that offer privilege escalation are nmap, vim, find, bash, etc.

Password Attacks

Passwords are the most fundamental form of user account and service authentication. Thus, password attacks aim to find and use legitimate credentials to access a user account. Typically, two types of techniques are used to execute password attacks. One of them is the brute-force attack, where the penetration tester tries to guess the user's password. The other is the dictionary attack, where multiple different word lists are used to try and g

Linux Privilege Escalation (Part 2 of 3)

Linux Privileges

Every file in a Linux system must comply with user and group permissions according to the fundamental capabilities of read, write, and execute. The fact that most resources, including directories, files, devices, and network connections, are represented in the file system is one of the distinguishing characteristics of Linux and its UNIX variants.

Insecure File Permissions

To take advantage of unsafe file permissions, the pen tester should find an executable file that they have write access to and that runs with elevated privileges. Linux passwords are generally stored in the /etc/shadow file, which is inaccessible to unprivileged users, unless a centralized credential system like Active Directory or LDAP is used. However, in the past, the password hashes and other account details were kept in the publicly accessible file /etc/passwd. So, if the tester has access to the /etc/passwd file, they can set any account's password to whatever they choose.

Environmental Variable

Variables that are unique

Linux Privilege Escalation (Part 1 of 3)

Introduction

Viewing, editing, or modifying system files are common privileges. Privilege escalation happens when a user obtains privileges they are not entitled to. With these privileges they can easily delete files, view private information, or install viruses. It is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that an application or user normally protects.

Linux Privilege Escalation

The penetration tester often acquires an initial foothold on a system as a non-privileged user and then obtains further access permissions. It is a necessary skill because "direct-to-root" compromises are very rare in modern environments. There are several common escalation techniques that exploit misconfigured services, direct kernel vulnerabilities, sensitive data stored in local files, and so on.

Manual Enumeration

After successfully compromising a target and establishing

Internal Penetration Test

Introduction

An internal penetration test is generally done after the completion of an external pen test. It imitates an insider threat and identifies the ways an attacker can compromise or damage the network, sensitive data, or systems. Initially, the tester may start with the most obvious or common scenarios, like: an unhappy rogue employee (malicious insider) who can compromise or damage the system or network, or an external malicious attacker who accesses the system through social engineering, a phishing scam, or stolen credentials.

Mostly, organizations focus on external threats, but it has been proven that a majority of data breaches happen due to internal threats, and these can come from: weak or shared passwords; weak access controls; insecure file sharing or unencrypted data; network misconfigurations; lack of awareness about social engineering and phishing; ransomware attacks; insecure remote devices and networks. It is very important to address these issues on priority, and internal penetration

External Penetration Test

What is External Penetration Testing?

External penetration testing is also known as external network penetration testing. It is a type of security assessment of an organization's perimeter systems. A perimeter comprises all those systems that are directly reachable from the internet. Because they are out in the open and are the most exposed systems, they are the most easily and regularly attacked.

Hence, the main aim of an external pentest is to determine ways to compromise the accessible (external) systems and services, gain access to sensitive information, and discover methods an attacker could use against the users or clients. The testers will also test the extent of any weaknesses discovered to see how far a malicious attacker could burrow into a network and what the business impact of a successful attack would be.

Asset Discovery

Assets can be a website, a web application, or an API that are intended to be found or discovered with the help of asset discovery tools. After the identificati

Penetration Test (Part 2 of 2)

What is Penetration Testing?

Penetration testing, also known as a pentest, is an authorized simulated cyber attack used to ascertain a computer system's security state. However, it should not be confused with a vulnerability assessment. This process identifies not only the weaknesses but also the strengths of a system, thus providing full risk management. A pen tester evaluates the cybersecurity of an organization using various techniques. It allows businesses to identify their weaknesses and determine whether a malicious actor would be able to take advantage of and exploit them to gain unauthorized access. Any type of study involving the deliberate simulation of an attack on a computer system falls under the broad definition of penetration testing, as there are several approaches to ethical hacking.

Types of Penetration Tests

All pen tests fall under one of the three following categories: White Box- If a penetration test target is a White Box, then the tester will be provided a complete b

Penetration Testing Execution Standard (PTES) (Part 1 of 2)

Introduction

Nowadays, cyberattacks on various organizations, enterprises, or government sectors by hacktivists, criminals, national enemies, etc. have become common practice. They always look for a loophole to penetrate their victims' computer network defenses. Hence, there are many effective ways to defend against cyber attacks. Some of them are training the employees, keeping systems and software up to date, multiple backup solutions, monitoring network traffic, etc. However, one of the major defense mechanisms is PTES (Penetration Testing Execution Standard).

What is PTES?

PTES is basically a comprehensive guide that outlines a standard methodology for conducting penetration tests. The method was developed by a team of information security practitioners to cater to the need for a complete and up-to-date standard for penetration testing.

Penetration testing is a process by which organizations can test their own network security by simulating real-world cybera