Ransack Query Injection: Analysis and Exploitation of an ORM Vulnerability Developers often rely on libraries to manage communications with databases. This saves them from having to write raw queries. These libraries generall... 03.02 Applications
What is Pass-the-Hash? Attacks Types and Security Best Practices During our internal penetration tests, we regularly compromise Active Directory without using any passwords. This is possible thanks to an iconic atta... 16.01 Infra & Network
Social Engineering and Red Teaming: Understanding Threats and Defence Strategies Social engineering, especially phishing in all its forms (emails, text messages, phone calls, QR codes, etc.), remains one of the main attack vectors.... 07.01 Phishing & Social Engineering
Active Directory Monitoring: LDAP Log Analysis and ELK Rules Active Directory (AD) is a directory service developed by Microsoft. It is used by most companies to manage identities, user accounts, machines, secur... 13.10 Infra & Network
AD CS Security: Understanding and Exploiting ESC Techniques After presenting the operating principles of Active Directory Certificate Services (AD CS) in a previous article, it is now time to address a more off... 25.09 Infra & Network
