
Archive for 'pentesting'

Very nice tool for pentests

I don’t hide it from anybody; when doing pentests, my favorite approach was to simply browse information in open shares until I could find some user credentials there (yes, in big organizations, they are always there: scripts, source code, ini files…). With those in hand, try to see what else I was able to have [...]

Windows pen testing – access tokens

I’m a bit late on this subject, but I think it’s worth a post. For those who usually do pentesting and usually get some access to Windows boxes, but are looking for a specific credential (like a domain admin), impersonating the available access tokens can be a very useful approach. The details about how to do [...]

Simple but dreadful, part 2 – Network shares

It would be impossible to write about low-hanging fruit without mentioning network shares. I say it because they are usually my favorite path to elevate privileges when I’m performing a penetration test. Among the things that I’ve already found on unprotected (I mean, Everyone – Full Control) shares are:
- Source code for critical applications
- Configuration [...]

Simple but dreadful, part 1 – Logon Scripts

Now that I’m back to pen testing, I’m having the chance to see the mistakes that admins are making nowadays. There is something very interesting that Windows domain administrators sometimes forget, and it needs to be addressed as it brings serious security implications: login script file permissions.
Login scripts are those little batch scripts that run [...]