I recently found an Insecure Direct Object Reference (IDOR) vulnerability in a web application that I was testing. By incrementing or decrementing an ID value, I could download any file in the application, even though they were not listed for download in the user interface. A simple way to exploit this kind of attack is…
n00py Blog- Password Spraying RapidIdentity Logon Portal
- Manipulating User Passwords Without Mimikatz
- Unauthenticated Dumping of Usernames via Cisco Unified Call Manager (CUCM)
- Adding DCSync Permissions from Linux
- Resetting an Expired Password Remotely
- Dumping Plaintext RDP credentials from svchost.exe
- The Dangers of Endpoint Discovery in VIPRE Endpoint Security
- Dumping LAPS Passwords from Linux
- Alternative ways to Pass the Hash (PtH)
- Password Spraying Secure Logon for F5 Networks