The biggest attack blew 2021 in the start, where Microsoft Exchange Server was attacked by Hafnium — A Chinese group of hackers. The big buzz was created when almost all the important organizations including homeland security to Health Care organizations to 500 Fortune Companies, became victim of the attack. Let’s dive deeper, and learn few points on how attack worked.
Common Vulnerability Exposure list — Addressed
CVE-2021–26855 is a server-side request forgery (SSRF) vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
This occurred because the unauthenticated requests were allowed on…
Devastating attack on Solarwinds in 2020, resulted into largest breaches that occurred. When I asked people, they knew only the fact, that attack was a supply chain attack, which had exploit incorporated in updates. Let’s dig deeper and know few more things.
Let’s go through some terminology before we end up into summarizing things.
SolarWinds Inc : is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure.
Supply Chain Attack : A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply…
Veni Vidi Vici.
After the endless efforts throughout the year, I finally achieved my Offensive Security Certified Professional certification on 5th FEB 2021. Though everyone shares the experience and their journey, but I will definitely love to add mine to the bibliotheca. Because when there are just few days left for your exam, each and every reference, journey experience and tips counts.
Well, totally a hard machine, required a lots of nudges and help. Also it took some scripting and XPATH injection and hell of a ride. Without wasting time let’s start.
Nmap scan for unbalanced using default scripts and service versions we see.
Going through the OSCP prep journey, it has now a days in trend, to solve out Buffer Overflow from TryHackMe! platform. Today I am going to share one of them, so that we may get an insight of basic steps by which easiest level stack buffer overflow can be exploited. Without wasting time, let’s get started.
STEP 1: Login into Tryhackme portal and go to dashboard for buffer overflow.
STEP 2: We will do Overflow 6
Today we will see how to own Magic machine. Initially when I started the machine I thought it is going to be related to magic numbers in PHP and something related to juggling concept. But no, it was not like that, so let’s see how was it.