Posts

OhSINT — TryHackMe Walkthrough

First off, download the picture provided in the task above. Then get exiftool; in my case I've downloaded the Windows executable version. ExifTool is a free and open-source program for reading, writing, and manipulating image, audio, video, and PDF metadata. To run the tool on Windows, simply drag and drop the image file you wish to examine onto the executable. Note: I'm using the portable exiftool version.

The tool prints a bunch of information about the downloaded image: file type, file name, GPS position, copyright, etc. Here the copyright field is in the name of OWoodflint. Let's now search that on Google and see whether we can find anything.

Google search results for OWoodflint accounts: Twitter, blog, GitHub profile

Here we go through each site and check whether we can find something useful.

Twitter:
1. What is this user's avatar of? cat
2. What city is this person in? London

From the Twitter page, we find the BSS...
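To see where exiftool's "Copyright" and "GPS Position" lines actually come from, here is a small standard-library reader for IFD0 inside a JPEG's APP1 "Exif" segment. This is an added example, not code from the walkthrough or from ExifTool; the JPEG it parses is constructed in memory for the test and is not the TryHackMe image.

```python
"""Where exiftool's "Copyright" and "GPS Position" lines come from: the TIFF-style
IFD0 inside a JPEG's APP1 "Exif" segment.

Added example, not code from the walkthrough or from ExifTool. It reads IFD0 with
the standard library only. The JPEG below is constructed in memory for the test;
it is not the TryHackMe image.
"""
import struct

TAG_NAMES = {0x010E: "ImageDescription", 0x013B: "Artist", 0x8298: "Copyright",
             0x8769: "ExifIFDPointer", 0x8825: "GPSInfoIFDPointer"}
ASCII, LONG = 2, 4


def parse_ifd0(jpeg: bytes) -> dict:
    """Return {tag name: value} for IFD0 of the first Exif APP1 segment, or {}."""
    if jpeg[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker == 0xFFE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return _parse_tiff(jpeg[pos + 10:pos + 2 + length])
        if marker == 0xFFDA:          # start of scan: metadata segments are over
            break
        pos += 2 + length
    return {}


def _parse_tiff(tiff: bytes) -> dict:
    endian = {b"II": "<", b"MM": ">"}[tiff[:2]]          # byte-order mark
    magic, ifd_off = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF header")
    count = struct.unpack(endian + "H", tiff[ifd_off:ifd_off + 2])[0]
    out = {}
    for i in range(count):
        e = ifd_off + 2 + 12 * i
        tag, typ, n, val = struct.unpack(endian + "HHII", tiff[e:e + 12])
        name = TAG_NAMES.get(tag, "0x%04X" % tag)
        if typ == ASCII:
            # values of 4 bytes or fewer are stored inline, longer ones at offset `val`
            raw = tiff[e + 8:e + 8 + n] if n <= 4 else tiff[val:val + n]
            out[name] = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == LONG and n == 1:  # sub-IFD pointers (GPS, Exif) are LONG offsets
            out[name] = val
        else:
            out[name] = (typ, n, val)
    return out


def build_sample_jpeg(copyright_text: str, with_gps: bool = True) -> bytes:
    """Constructed test JPEG: SOI, Exif APP1 with IFD0, then SOS and EOI markers."""
    text = copyright_text.encode("ascii") + b"\x00"
    entries = [(0x8298, ASCII, len(text))]
    if with_gps:
        entries.append((0x8825, LONG, 1))
    n = len(entries)
    data_off = 8 + 2 + 12 * n + 4            # TIFF header + count + entries + next-IFD link
    ifd = struct.pack("<H", n)
    for tag, typ, cnt in entries:
        if typ == ASCII and cnt <= 4:
            ifd += struct.pack("<HHI", tag, typ, cnt) + text.ljust(4, b"\x00")
        elif typ == ASCII:
            ifd += struct.pack("<HHII", tag, typ, cnt, data_off)
        else:                                  # GPS IFD: an empty IFD placed after the string
            ifd += struct.pack("<HHII", tag, typ, cnt, data_off + len(text))
    ifd += struct.pack("<I", 0)                # no IFD1
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd + text + struct.pack("<H", 0)
    app1 = b"Exif\x00\x00" + tiff
    segment = struct.pack(">HH", 0xFFE1, len(app1) + 2) + app1
    return b"\xFF\xD8" + segment + b"\xFF\xDA\x00\x02" + b"\xFF\xD9"


if __name__ == "__main__":
    print(parse_ifd0(build_sample_jpeg("OWoodflint")))
```

The presence of a GPSInfoIFDPointer entry is what tells exiftool to walk into the GPS sub-IFD and print a "GPS Position"; a real image would carry latitude and longitude entries there, which this reader does not descend into.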

My Kind of Malware Analysis Lab Set-up

In this write-up I'll go over my malware analysis lab set-up and run through the basics of safe malware handling when analysing real-world malware. The aim of this write-up is to document my journey in malware analysis and to practise safe malware handling ALWAYS!

In the above diagram you'll find my current malware analysis lab environment, which we will use to detonate and dissect malware for analysis. We will use FlareVM, a Windows-based malware analysis distribution, and REMnux, running both as virtual machines so that the host machine stays isolated. The virtual environment is not in any way connected to our host machine or to the wild Internet: in practice that means the VMs sit on a host-only or internal virtual network with no NAT or bridged adapter, and shared folders, clipboard sharing and drag-and-drop are switched off. This is done deliberately to remove the risk associated with examining and detonating malware, which is HARMFUL and RISKY by its nature. So our goal is to practise SAFETY ALWAYS when handling malware!

Goal: Malware analysis provides a very accurate and comprehensive list of IoCs compared to othe...

CanaryTokens

Creating Callbacks Using CanaryTokens.org

First, navigate to http://canarytokens.org with Firefox. Select "Microsoft Word Document" from the drop-down menu. Add a real email address in the email field; this address is used to receive notifications when the token is triggered. Enter a reminder message in the final box so that you know later where this particular document was planted. Click "Create my Canarytoken" when finished. This gives you the option to download the document; click the download button.

Next, email this document to a system running Microsoft Word. When you receive the email, open it in Word. The document will be blank when you first open it, but the file can be renamed or modified if desired. If Word opens the file in Protected View, the callback may not fire until the reader clicks Enable Editing, so check the token history after that step as well. Once the document has been opened, go back to canarytokens.org and manage the token. This brings up the page showing that the document was opened, the source IP, and the geolocation of that IP address.
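A token document is just a .docx package whose relationships point at a remote URL that Word fetches when the file is opened. The scanner below, an added example that is not from the original post or from Thinkst's Canarytokens code, lists those external targets so you can confirm a document beacons before planting it, or spot one planted in your own environment. It assumes the token relies on a relationship with TargetMode="External" (for example a remote image); the .docx it scans is constructed in memory and the callback URL is a placeholder.

```python
"""List the external (remote) references inside a .docx package.

Added example, not from the original post or from Thinkst's Canarytokens. The
assumption is that a token document carries a relationship with
TargetMode="External" (for example a remote image) that Word fetches on open.
The .docx below is constructed in memory and the callback URL is a placeholder.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def external_targets(docx_bytes: bytes) -> list:
    """Return (rels part, relationship kind, target) for every external relationship."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in sorted(z.namelist()):
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter("{%s}Relationship" % PKG_REL_NS):
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((name, kind, rel.get("Target")))
    return found


def beacon_urls(docx_bytes: bytes) -> list:
    """External http(s) targets other than clickable hyperlinks, i.e. resources
    the application resolves on its own rather than when a user clicks."""
    return [t for _, kind, t in external_targets(docx_bytes)
            if kind != "hyperlink" and t.lower().startswith(("http://", "https://"))]


def build_sample_docx(callback_url: str) -> bytes:
    """Constructed minimal .docx: the document part references a remote image."""
    rel = '<Relationship Id="%s" Type="%s/%s" Target="%s"%s/>'
    root_rels = ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="%s">' % PKG_REL_NS
                 + rel % ("rId1", DOC_REL_NS, "officeDocument", "word/document.xml", "")
                 + "</Relationships>")
    doc_rels = ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="%s">' % PKG_REL_NS
                + rel % ("rId1", DOC_REL_NS, "styles", "styles.xml", "")
                + rel % ("rId2", DOC_REL_NS, "image", callback_url, ' TargetMode="External"')
                + rel % ("rId3", DOC_REL_NS, "hyperlink", "https://example.com/", ' TargetMode="External"')
                + "</Relationships>")
    document = ('<?xml version="1.0" encoding="UTF-8"?>'
                '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                '<w:body><w:p/></w:body></w:document>')
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
                     '<Default Extension="xml" ContentType="application/xml"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("_rels/.rels", root_rels)
        z.writestr("word/document.xml", document)
        z.writestr("word/_rels/document.xml.rels", doc_rels)
    return buf.getvalue()


if __name__ == "__main__":
    # placeholder URL, not a real token
    print(beacon_urls(build_sample_docx("http://canarytokens.invalid/token.png")))
```

Run external_targets() against the real downloaded token before you plant it: the host it reports is the one the victim machine will connect to, which is also what to search for in proxy logs when hunting for documents that beacon out of your network.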

Atomic Red Team Testing with Bluespawn

Bluespawn

In this lab we will be using BlueSpawn as an alternative to an EDR system. Full EDRs like Cylance, Symantec and CrowdStrike are very expensive and tend not to show up in classes like this. BlueSpawn monitors the system for "weird" behaviour and notes it when it occurs. In this lab we will start BlueSpawn and then run Atomic Red Team to trigger a lot of alerts.

First, let's disable Defender so that it does not interfere with the test. Simply run the following from an Administrator PowerShell prompt:

Set-MpPreference -DisableRealtimeMonitoring $true

This disables Defender real-time monitoring for this session. If you get angry red errors, that is OK: it means Defender is not running. (Do this only on a throwaway lab VM; on a machine with Tamper Protection enabled the command is blocked.)

Now open a Command Prompt as Administrator, change directories to tools and start BlueSpawn:

C:\Users\adhd>cd \tools
C:\tools>BLUESPAWN-client-x64.exe --monitor --level Cursory

Now let's use Atomic Red Team to test the monitoring with BlueSpawn: Firs...

IPv6 DNS take-over via mitm6 - compromising IPv4 networks via IPv6

Compromising IPv4 networks via IPv6

While IPv6 adoption is gaining traction, company networks that use IPv6 internally are still quite rare. However, most companies are unaware that, while IPv6 might not be actively in use, all Windows versions since Windows Vista (including server variants) have IPv6 enabled and prefer it over IPv4. In this write-up we explore an attack that abuses the default IPv6 configuration in Windows networks: the attacker answers the clients' DHCPv6 requests, becomes their DNS server, spoofs DNS replies, and redirects traffic to an attacker-specified endpoint or relay.

Relaying the authentication that arrives this way to the domain controller can be used to gain control over the domain: create a user, add it to a privileged group such as Enterprise Admins, and ultimately dump the NTLM hashes from ntds.dit. The ntds.dit file is the Active Directory database: it stores user objects, groups and group memberships, and the password hashes for all users in the domain. This attack attempts a DNS takeover in a network via IPv6 using...

How to install mitm6

What is mitm6?

mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attacker's host as the default DNS server. As DNS server, mitm6 selectively replies to DNS queries of the attacker's choosing and redirects the victim's traffic to the attacker machine instead of the legitimate server.

Reference: https://github.com/dirkjanm/mitm6

Dependencies and installation

mitm6 is compatible with both Python 2.7 and 3.x. You can install the requirements for your version with "pip install -r requirements.txt". In my case, I have to use the following command, "pip3 install", as "pip install -r requirements.txt" does not work for me.

To start, search Google for "github mitm6", then clone the repository:

┌──(root㉿kali)-[/opt]
└─# git clone https://github.com/dirkjanm/mitm6.git

Depende...
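The two mitm6 posts above describe the same wire-level trick: a DHCPv6 Advertise/Reply that carries a DNS-server option pointing at the attacker. The block below, an added example that is not code from mitm6 or from either post, builds such a message, parses it back, and flags any server-side DHCPv6 message that pushes a DNS server outside an allow-list, which in an IPv4-only network is empty and so catches exactly this attack. Message layout follows RFC 8415 (type, 3-byte transaction id, TLV options; option 23 = DNS servers, option 24 = domain search list); the addresses and DUID are constructed sample values.

```python
"""DHCPv6 view of the mitm6 attack: what the rogue Advertise looks like on the
wire, and a check that flags DNS-server options from unexpected hosts.

Added example; not code from mitm6 or the original posts. Layout from RFC 8415:
msg-type (1 byte), transaction-id (3 bytes), then TLV options. Option 23 is the
DNS recursive name server list, option 24 the domain search list. The addresses
and DUID below are constructed sample values.
"""
import struct
import ipaddress

SOLICIT, ADVERTISE, REQUEST, REPLY = 1, 2, 3, 7
OPT_SERVERID, OPT_DNS_SERVERS, OPT_DOMAIN_LIST = 2, 23, 24


def encode_domain_list(names):
    """DNS wire-format names, as used in OPTION_DOMAIN_LIST."""
    out = b""
    for name in names:
        for label in name.strip(".").split("."):
            out += bytes([len(label)]) + label.encode("ascii")
        out += b"\x00"
    return out


def build_dhcpv6(msg_type: int, xid: int, options: list) -> bytes:
    """options: list of (code, payload bytes)."""
    body = b"".join(struct.pack("!HH", code, len(data)) + data for code, data in options)
    return bytes([msg_type]) + xid.to_bytes(3, "big") + body


def parse_dhcpv6(pkt: bytes):
    """Return (msg_type, xid, {code: [payload, ...]}); rejects truncated options."""
    if len(pkt) < 4:
        raise ValueError("short DHCPv6 message")
    msg_type, xid = pkt[0], int.from_bytes(pkt[1:4], "big")
    opts, pos = {}, 4
    while pos < len(pkt):
        if pos + 4 > len(pkt):
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", pkt[pos:pos + 4])
        data = pkt[pos + 4:pos + 4 + length]
        if len(data) != length:
            raise ValueError("truncated option payload")
        opts.setdefault(code, []).append(data)
        pos += 4 + length
    return msg_type, xid, opts


def dns_servers(pkt: bytes):
    """IPv6 addresses carried in every OPTION_DNS_SERVERS of the message."""
    _, _, opts = parse_dhcpv6(pkt)
    servers = []
    for data in opts.get(OPT_DNS_SERVERS, []):
        if len(data) % 16:
            raise ValueError("DNS server option not a multiple of 16 bytes")
        servers += [ipaddress.IPv6Address(data[i:i + 16]) for i in range(0, len(data), 16)]
    return servers


def rogue_dns_servers(pkt: bytes, allowed) -> list:
    """DNS servers pushed by a server-side message (Advertise/Reply) that are not
    in `allowed`. In an IPv4-only network `allowed` is empty, so any hit is suspect."""
    msg_type, _, _ = parse_dhcpv6(pkt)
    if msg_type not in (ADVERTISE, REPLY):
        return []
    allowed = {ipaddress.IPv6Address(a) for a in allowed}
    return [s for s in dns_servers(pkt) if s not in allowed]


# Constructed sample: the answer an attacker sends to a client Solicit, pointing
# the client's DNS at the attacker's link-local address (placeholder, not a real host).
ATTACKER = ipaddress.IPv6Address("fe80::1")
ROGUE_ADVERTISE = build_dhcpv6(ADVERTISE, 0xABCDEF, [
    (OPT_SERVERID, b"\x00\x03\x00\x01" + bytes.fromhex("001122334455")),  # DUID-LL, made-up MAC
    (OPT_DNS_SERVERS, ATTACKER.packed),
    (OPT_DOMAIN_LIST, encode_domain_list(["corp.example"])),
])
CLIENT_SOLICIT = build_dhcpv6(SOLICIT, 0xABCDEF, [])

if __name__ == "__main__":
    print("rogue DNS servers pushed:", rogue_dns_servers(ROGUE_ADVERTISE, allowed=[]))
```

Feeding captured UDP/547 payloads through rogue_dns_servers() is a cheap detection for this attack; the defensive fix the posts imply is the same thing stated as policy, namely block or filter DHCPv6 where IPv6 is not deliberately deployed, so that clients never accept a DNS server this way.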

SMB Relay Attack

SMB Relay Attack Overview

SMB is commonly used for sharing files and printers and for communication between client and server. Before one can communicate with the other, the user is required to authenticate. This is simple access control. Although this control helps protect important files, it can also be manipulated: authentication attempts can be relayed and used to access other systems, and the same exchange can be abused to collect NTLMv2 challenge-response hashes for offline cracking. This is where SMB relay comes into play: the attacker places themselves in the middle (MiTM) and relays the authentication attempt. Once the end server has validated the credentials, access is granted to the attacker instead of the user.

What is an SMB Relay Attack?

An SMB relay attack is where an attacker intercepts a user's NTLM authentication and relays it to another machine on the network, masquerading as the user and authenticating against SMB to gain shell or file access. Note that what is relayed is the live challenge/response exchange: the captured Net-NTLMv2 response can be cracked offline, but it cannot be replayed on its own later.

Prerequisites
SMB signing disabled on the target
Must be on the local...
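The first prerequisite is checked from the server's SMB2 NEGOTIATE response. The block below is an added example, not code from the original post: it reads the SecurityMode field as laid out in MS-SMB2 (a 64-byte header beginning with \xfeSMB, then a response body whose second 16-bit field is SecurityMode, 0x0001 = signing enabled, 0x0002 = signing required) and decides whether a relayed, unsigned session would be accepted. The responses it parses are constructed, not captured from a real server.

```python
"""Checking the "SMB signing disabled" prerequisite from an SMB2 NEGOTIATE response.

Added example, not from the original post. Field layout follows MS-SMB2. A relay
only works when the target does not *require* signing; "enabled but not required"
is the default on Windows workstations and member servers and does not stop it.
The responses below are constructed, not captured from a real server.
"""
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
SIGNING_ENABLED, SIGNING_REQUIRED = 0x0001, 0x0002


def parse_negotiate_signing(msg: bytes) -> dict:
    """Return dialect and signing flags from a server NEGOTIATE response."""
    if len(msg) < 64 + 6 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")
    # header: StructureSize(2) CreditCharge(2) Status(4) Command(2) ... Flags at offset 16
    header_size, _credit_charge, _status, command = struct.unpack("<HHIH", msg[4:14])
    flags = struct.unpack("<I", msg[16:20])[0]
    if header_size != 64 or command != SMB2_NEGOTIATE or not flags & SMB2_FLAGS_SERVER_TO_REDIR:
        raise ValueError("not a NEGOTIATE response")
    # body: StructureSize(2)=65, SecurityMode(2), DialectRevision(2), ...
    body_size, security_mode, dialect = struct.unpack("<HHH", msg[64:70])
    if body_size != 65:
        raise ValueError("unexpected NEGOTIATE response StructureSize")
    return {"dialect": dialect,
            "signing_enabled": bool(security_mode & SIGNING_ENABLED),
            "signing_required": bool(security_mode & SIGNING_REQUIRED)}


def relay_candidate(msg: bytes) -> bool:
    """True when this server would accept a relayed session that is not signed."""
    return not parse_negotiate_signing(msg)["signing_required"]


def build_negotiate_response(security_mode: int, dialect: int = 0x0302) -> bytes:
    """Constructed SMB2 NEGOTIATE response with an empty security buffer."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0, SMB2_NEGOTIATE, 1,
                         SMB2_FLAGS_SERVER_TO_REDIR, 0, 0, 0, 0, 0, b"\x00" * 16)
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, security_mode, dialect, 0, b"\x00" * 16,
                       0, 8388608, 8388608, 8388608, 0, 0, 64 + 64, 0, 0)
    return header + body


if __name__ == "__main__":
    for mode in (SIGNING_ENABLED, SIGNING_ENABLED | SIGNING_REQUIRED):
        print(hex(mode), parse_negotiate_signing(build_negotiate_response(mode)),
              "relay candidate:", relay_candidate(build_negotiate_response(mode)))
```

In practice you get the same answer from nmap's smb2-security-mode script or from a relay tool's own target scan; the point of the parser is to see which bit actually matters. Domain controllers require signing by default, which is why they are usually not relay targets, while workstations and member servers that only have it enabled are.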