Recently I was performing a penetration test and came across a Server Side Include injection bug (SSI). If you are familiar with cross-site scripting (XSS) this type of vulnerability will sound familiar. This is caused by an application taking input form the user, and supplying it in the response from the server. The mitigations are…
n00py Blog- The SOCKS We Have at Home
- Bypassing Amazon Kids+ Parental Controls
- Bypassing Okta MFA Credential Provider for Windows
- CactusCon 2023: BloodHound Unleashed
- Exploiting Resource Based Constrained Delegation (RBCD) with Pure Metasploit
- Practical Attacks against NTLMv1
- Password Spraying RapidIdentity Logon Portal
- Manipulating User Passwords Without Mimikatz
- Unauthenticated Dumping of Usernames via Cisco Unified Call Manager (CUCM)
- Adding DCSync Permissions from Linux