-
Asymmetric Key Cryptography (And Hashes)
Thursday, April 20, 2023
Asymmetric Key Cryptography Asymmetric key cryptography (aka public key cryptography) is the concept of using a public and private key to encrypt and decrypt data. The public and private keys are linked mathematically. In asymmetric cryptography both Steve and Meg will use their own unique private keys to encrypt a message. In the example below Meg uses Steve’s public key to encrypt a message for Steve’s eyes only. Once Steve receives the message he can decrypt by using his private key.…more
-
Symmetric Key Cryptography at a Glance
Thursday, March 31, 2022
Symmetric Key Cryptography Cryptography is very, very complex… As it should be. It keeps us and our data safe and secure. This write-up will provide an overview of Symmetric Key Cryptography Cryptography - What’s The Point? There are many use cases for cryptography, but the most obvious is confidentiality. We want to ensure our private data remains private. Simple as that. Cryptography can also be used to ensure integrity, Nonrepudiation, and authentication…more
-
Using Favicon Hashing for Continuous Monitoring
Sunday, October 25, 2020
CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER I started listening to the Cloud Security Podcast this past month. Great digestible interviews with security professionals from different fields. This episode really caught my attention when they discussed bug bounty hunters using a continuous monitoring technique involving favicon hashes. What’s a favicon: A favicon is the tiny logo you see in the tab section of your browser. For instance you should (if on a desktop browser) see this little egg next to the title of this page.…more
-
Linux Privilege Escalation with LinEnum
Wednesday, May 27, 2020
Linux privilege escalation can be a weak point for many penetration testers. Scripts such as LinEnum have attempted to make the process of finding an attack vector easier; However, it can be hard to digest the results if you don’t know what to look for. Below are my notes on uploading the LinEnum.sh script to a remote machine, running the script, and reading the results. DISCLAIMER - I used a retired HTB machine (OpenAdmin) as my remote victim machine.…more
-
Attacking Kerberos W/ AS-REP Roasting
Tuesday, April 14, 2020
What is Kerberos Kerberos, developed by MIT, is a network authentication protocol used in Active Directory most commonly running on port 88 with password management on port 464. The Kerberos protocol enables a client/user to identify itself to a server (and vice versa) across a network - thus providing strong authentication. However, Kerberos does not Authorize which services the client/user can access (this is normally done by LDAP). Prerequisites Kali Linux Impacket Grab the latest stable release, unpack it and run ‘pip install .…more