Recently during an engagement, while I was performing an internal network assessment, I figured out that responder was not able to capture the hashes. Initially I thought that this might be due to some issue with the responder configuration or the options that I am using. After fiddling with it for a while, I started…
Category: Network Penetration Testing
All the blog items in this category are related to Network Penetration Testing
Getting system access using malicious word file
Microsoft Office Word / Wordpad remote code execution vulnerability allows a remote attacker to execute arbitrary code on the system. An attacker can send specially crafted files which can cause the MS Word / Wordpad to download a remote shell and the attacker can gain access of the system. Once, the attacker has control of…
DDoS Simulation using DNS Aliases
Background Recently, we encountered a security incident for one of our major BFSI clients. This client was hit by a DDoS attack. The victim received an email the previous day asking them to either pay certain ransom amount or become the victim of this attack. The severity of the attack would increase if the victim…