ATT&CK Red Team Evaluation (Redsun Quals 1)

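Please note

This article is not finished yet. Q: Why not? A: Because I'm lazy.

Penetration testing and achieving its objectives

I. Environment Setup
1. Environment setup and testing
2. Information gathering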


HackTheBox - Forest Writeup

About Forest

Forest is an easy-difficulty Windows Domain Controller (DC) for a domain in which Exchange Server has been installed. The DC is found to allow anonymous LDAP binds, which are used to enumerate domain objects. The password for a service account with Kerberos pre-authentication disabled can be cracked to gain a foothold. The service account is found to be a member of the Account Operators group, which can be used to add users to privileged Exchange groups. The Exchange group membership is leveraged to gain DCSync privileges on the domain and dump the NTLM hashes.


HackTheBox - Bucket Writeup [2020]

Intro

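S3 is AWS (Amazon) cloud storage (buckets). It can be used to store available public cloud storage resources and provides scalability, data availability, security and performance. In terms of capacity, the number and volume of objects that can be stored in S3 is unlimited. Objects are the basic entities in S3 and can be used to store all kinds of things; an object consists of data, a key and metadata.

For details, see: https://aws.amazon.com/cn/s3/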
