Penetration Testing – discussing exploits,  vulnerabilities, fixes and tools

Here I will be discussing exploits,  vulnerabilities, fixes and tools dedicated to the two areas of personal interest to me within Penetration Testing. Infrastructure and Web Application Testing.

Infrastructure Testing

• Are Azure Access and Refresh Tokens the New NTLM Attack Vectors for Authentication in AD?
• SSH ProxyCommand & ProxyJump
• CVE-2021-4034 “Pwnkit” Local Privilege Escalation (LPE) vulnerability
• PetitPotam and Active Directory Certificate Services NTLM Relay Attack
• Basic Pivoting Techniques
• GPO Abuse – Edit permissions misconfiguration
• DACL Trouble: GenericAll on OUs
• Pass the Ticket: PTH
• LAPS ms-Mcs-AdmPwd enumeration/attack vector
• Stealing RDP Sessions

Web Application Testing

• Searchsploit command line shortcut options -m and -x.
• Burp Suite Macro: Auto Login (session re-authentication)
• Hardening Microsoft IIS 8.5 Security Headers
• MiTM Thick Client Web Services Testing.
• Server Hardening: HTTP TRACE TRACK Methods Allowed – Part1 Apache