I'm Faisal Fs, Cyber Security Analyst from Malaysia focusing on Vulnerability Assessment & Penetration Testing 👨🏻💻
- Interested in red teaming, ethical hacking, web exploitation as well as intrusion detection.
- Reading & writing infosec blogs.
- Fun fact: I love coffee but I sleep early 💤
- Common Linux Persistence Techniques
This post will cover a few common Linux persistence techniques used by an adversary to establish permanent access. - Extracting administrator credential via blind SQL injection in cookie header
This post is about blind SQL injection vulnerability in the cookie header that result of retrieving the contents of the table to obtain the username and password of administrator. - Attacking Kerberos with ASREPRoasting & Abusing Backup Operators Group to Extract NTDS.DIT
Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller? - Discovery of azure.xml file & Abusing Azure Admins Group to Leverage Azure AD Connect
Abusing Azure Admin to retrieve plain text credential in order to gain admin shell - Abusing DNS Admin Membership by DLL Injection for PrivEsc in Active Directory
Charge the DLL injection to obtain the admin privilege. - Exploiting CVE-2016-1555 in Netgear WNAP320 Firmware Version 2.0.3 for Remote Command Execution
Internet of things (IoT) pentesting - Exploiting MongoDB NoSQL Injection to Username:Password Enumeration & Java jjs SGID to Root Shell
Bruteforce the user’s passwords using NoSQL bypass. To raise root privilege, it was enough for a system equipped with a permissive SUID.
