I couldn’t find a single blog post reviewing the Certified Azure Red Team Expert (CARTE) certification, so I decided—why not write one myself? This is my first blog post on a course review. Introduction I have been working as an…
Introduction Recently, I was doing a penetration test and I came across a rare and unique obstacle. We could run blind commands on the machine and also ICMP traffic was allowed but TCP traffic was blocked. Let’s dive into how…
Introduction This blog will cover on how to solve the Crypto Challenge – Blinded, which was part of HTB Business CTF 2021. This challenge was based on the RSA algorithm and specifically the Blind Signature concept of RSA. First, let…
Introduction Hashcat is a popular password cracker and designed to break even the most complex password representation. To do this, it enables the cracking of a specific password in multiple ways, combined with versatility and speed. Password representations are primarily associated…
Introduction BadUSB is any USB device that was programmed (or reprogrammed) specifically to emulate a keyboard by sending a predetermined sequence of key press events to a computer in order to complete a task, which typically has the objective of…
Introduction Privilege escalation happens when a malicious user exploits a vulnerability in an application or operating system to gain elevated access to resources that should normally be unavailable to that user. The attacker can then use the newly gained privileges…
Introduction Evilginx2 is an attack framework for setting up phishing pages. Instead of serving templates of sign-in pages look-alikes, Evilginx2 becomes a relay (proxy) between the real website and the phished user. Phished user interacts with the real website, while…
At the start of September, 2020, I had a very interesting question: How can I create a Metasploit payload that can bypass Windows Defender on a fully patched Windows 10 build 2004? There are many ways to get to this…