Discover and read the best of Twitter Threads about #CyberAdvent

Most recents (4)

[#thread 🧵] For this 23rd day of #CyberAdvent, we will talk about the LDAP structure and its naming contexts. 🦋
[#thread 🧵(2/10) ] LDAP is a directory structure (a tree) containing objects with their attributes:
[#thread 🧵(3/10) ] You can search for objects in the LDAP with a query on a specified base object and a search scope. In return, you will then get a list of matching objects with the attributes you selected.

docs.microsoft.com/en-us/windows/…
Read 10 tweets
[#thread 🧵] For this 20th day of #CyberAdvent we'll be talking about the Local Admin Password Solution #LAPS of Microsoft, and how it can be used to reduce the risk of network pivoting of attackers.
[#thread 🧵(2/6)] One of the common vulnerabilities found in Windows domains is a distributed local administrator on the workstations (sometimes even servers). This means that if an attacker compromises one machine, all the machines with the same administrator password are owned.
[#thread 🧵(3/6)] The attacker can then connect to all the other machines of the network using LM:NT hashes found on one compromised host! 😅
Read 6 tweets
[#thread 🧵] For this third day of #CyberAdvent (3/24), I'll tell you a story. The story of how I gained root access to a server by leveraging a really fun feature in a web application. This #pentest #writeup will explain the complete process from recon to root. 🦋
[#thread 🧵(2/9)] In the recon phase of my pentest, as usual I was performing a port scan. In the output from nmap, I saw an uncommon port 86 with an HTTP server running "Micro Focus DSD 1.0.0":
[#thread 🧵(3/9)] When going on the page from a browser, surprise 🥳🎉 we have an unauthenticated access! This is cool, but I never saw this app before so I didn't know whether we could exploit it simply or not!
Read 11 tweets
[#thread 🧵] For this second day of #CyberAdvent (2/24), we will be talking about a common #PrivilegeEscalation when using the * (wildcard) in shell scripts. Almost everyone has used at least once the * (wildcard) in a shell script but what really happens with the #wildcard ? 🦋
[#thread 🧵(2/7)] We will take as an example this shell script, performing a backup of a website using tar and a wildcard: Image
[#thread 🧵(3/7)] In this script, the shell replaces the wildcard with matching files from the current directory then executes the command. The * character is never sent to the command (TAR in our case) instead a list of matched files will be sent as arguments to the command. Image
Read 8 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!