HiveNightmare (CVE-2021-36934)

Summary HiveNightmare AKA SeriousSAM AKA CVE-2021-36934 is a Microsoft Windows vulnerability which affects Windows 10 and 11 starting with Windows 10 version 1809. This vulnerability allows for an attacker that has local access to any low level (non-administrator) account to perform a privilege escalation attack in order to elevate their privileges or harvest credentials andContinue reading “HiveNightmare (CVE-2021-36934)”

SQL Authentication Bypass

No credentials? No problem! …well, maybe. If a web application is vulnerable to SQL injection (SQLi), you may be able to bypass authentication. A typical SQL query is like the following: SELECT * FROM table WHERE username = ‘bob’ AND password = ‘Str0ngP@ssw0rd!’; Usually you can start to test for the existence of this vulnerabilityContinue reading “SQL Authentication Bypass”

Enumeration is cyclical

Many say it – methodology is important–if not critical! In this post I’ll quickly cover the hacking phases but what’s more paramount to success is being cyclical in your process. What the typical hacking methodology looks like: Recon Enumeration and Scanning Exploitation (Foothold then Privilege Escalation) Persistence Covering Tracks Lateral Movement This is a greatContinue reading “Enumeration is cyclical”

Short-term goals… OSCP

Like many before me and, I’m sure, many after me – I am in pursuit of the gold standard entry-level pentester certification–the Offensive Security Certified Professional (OSCP). I label this post as “short-term” as I have been studying on and off for awhile but this is something I want for myself by EOY 2021. ThisContinue reading “Short-term goals… OSCP”