Penetration Testing – discussing exploits,  vulnerabilities, fixes and tools

Here I will be discussing exploits,  vulnerabilities, fixes and tools dedicated to the two areas of personal interest to me within Penetration Testing. Infrastructure and Web Application Testing.

Infrastructure Testing

• Basic Pivoting Techniques
• GPO Abuse – Edit permissions misconfiguration
• DACL Trouble: GenericAll on OUs
• Pass the Ticket: PTH
• LAPS ms-Mcs-AdmPwd enumeration/attack vector
• Stealing RDP Sessions
• Active Directory Resource-based Constrained Delegation: Attack Path
• Networking Pivoting via SSH – Scanning with Nessus Professional behind a Firewall or NAT.
• Searchsploit command line shortcut options -m and -x.
• Self Signed Certificates + Remote Desktop Protocol = MiTM and Creds – This is a problem, don’t ignore it!

Web Application Testing

• Searchsploit command line shortcut options -m and -x.
• Burp Suite Macro: Auto Login (session re-authentication)
• Hardening Microsoft IIS 8.5 Security Headers
• MiTM Thick Client Web Services Testing.
• Server Hardening: HTTP TRACE TRACK Methods Allowed – Part1 Apache