Kerberos is a strong authentication protocol that can be used in an open unprotected network. Despite it’s strength, there are some attacks that can be done against Kerberos which are as follows: Kerberoasting is post-exploitation attack technique. In this attack, the attacker has a compromised authenticated user’s account in a domain and targets Service Accounts…
Category: Hacking
Post Exploitation
In the Cyber Security, Post Exploitation refers to the phase after exploiting a target system. Cyber Kill Chain is the progressive steps in which an attacker performs an attack on a target system. An attacker starts with reconnaissance, then builds an exploit payload and delivers it to the target through email, file sharing etc. The…
MITRE ATT&CK
MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real world observations published by MITRE. This knowledge base can be used as the foundation for understanding the Cyber Attack patterns. The MITRE Attack Matrices covers the following categories The MITRE Attack chain has 14 Tactics that will be executed in order by…
Buffer Overflow
Buffer Overflow is a vulnerability in software due to improper boundary checks, where an attacker exploits the target system by writing overwhelming data to the software memory buffer to overflow the buffer’s capacity and then making the malicious data to be written in the adjacent memory location giving un-authorized access. There are two types of…
Password Hacking
Password Hacking is the process of breaking or cracking and obtaining passwords stored in the target system or when being transmitted between systems. The obtained passwords are used to access accounts on the target system to gain access and privilege access. Password Cracking, Password Breaking, Password Attack are other terms used for Password Hacking. The…
Tactics, Techniques and Procedures (TTPs)
Tactics, Techniques and Procedures (TTPs) are the attributes that depicts the patterns and behavior of a cyber security attack. It helps cyber security professionals to understand how threat actors perform attacks on a target. A cyber security attack is done in multiple stages across a period of time which can some days or months. The…
System Hacking
System hacking is where the attacker proceeds towards the ultimate goal after performing footprinting, scanning, enumeration, and exploitation. The goal can be to bring the service down and make it un-available or steal data or manipulate data. The general stages of System Hacking are as following: Stage 1 – Gaining Access Stage 2 – Privilege…
Difference between Vulnerability Analysis and Vulnerability Assessment
Vulnerability Analysis and Vulnerability Assessment are the same but the difference is that in Vulnerability Analysis, the attacker finds the vulnerabilities to exploit while in Vulnerability Assessment, an Ethical Hacker does the Vulnerability Analysis to help the organization to find the vulnerabilities and fix them to protect the organization from cyber security attacks.
Privilege Escalation
Privilege Escalation is the process where the attacker gains un-authorized access rights or higher-level privileges of software/program, network or system. This is the next phase of a cyber security attack after the Footprinting, Scanning, Enumeration, Vulnerability Analysis and Exploitation. Horizontal Privilege Escalation is where the attacker tries to gain the access other users like file…
Footprinting
Footprinting is the process in which an attacker gathers information about the target (a person or organization). It is the initial sub-phase of Reconnaissance phase of a Cyber Security attack. Types of Footprinting Passive Footprinting is process of gathering information about target without direct contact with the target from Internet, Open Source Intelligence (OSIN), Social Network…