Like the pillars of the great Parthenon the five pillars of information security hold up and support a comprehensive security program. In this essay I will discuss the five pillars and how they are connected by providing specific examples of how they support and rely on each other within a
To prevent unathorized access and malitious attacks on a network system administrators have a few options in their arsinal. Firewalls and Intrusion Detection/Prevention Systems are the main line of defense in this situation. These defenses are effective when configured properly. However, every defense has its weakness. Understanding the limitations
Golden Ticket This document covers how to create a Golden Ticket. An Active Directory Domain server is required for this to work. Connected clients are useful but not required. Creating the Ticket To create a Golden Ticket the NT Hash for KRBTGT will need to be aquired as well as
Breaking out of a restricted shell is a significant step in ethical hacking and penetration testing. However, sometimes you find yourself in a limited or non-interactive shell environment where essential features like command history navigation and screen clearing don't work. In such cases, upgrading to a fully interactive
Security is a piece of cake. Just imagine a piece of cake sitting there, all delicious looking. You want that piece of cake, but you have to study first. You want to keep this cake secure. You don't want anyone finding, eating, or stealing it. You don'
The first thing I did was to open up Ghidra and decompile the binary then look around. I usually start by looking at the main function and that's what I did here. I noticed something a little odd, there was a function called invalidInstructionException. I wanted to look
I start by looking at the file. file auth | tr "," "\n" I then opened it up in ghidra and looked at the functions. The functions where obfuscated however, I was able to find what appears to be the main function. Note that I did rename the
WPA-Enterprise Home Lab While training for the Offensive Security OSWP certification I needed to set up a WPA-Enterprise lab. This documents how I did that. Setup To make things easier I have created a reopsitory that will help you setup a Kali Linux virtual machine with vagrant. This will install
When studying abstract concepts it is often extremely helpful to illustrate them with specific examples. I will attempt to explain Kubernetes using a restaurant as an example and analogy. The basics of Kubernetes are pods, nodes, and clusters. With this, we can create a very simple Kubernetes deployment that we
XOR is often used in information security to encrypt data. A good example of this is in the creation of a one-time pad. A one-time pad is a type of encryption in which a message in encrypted by combining a randomly generated key. Because the key is completely random, an
Almost everything I do in my Development career involves Docker and almost everything in my Information Security career involves Impacket. So, it was only natural that the two would meet and fall in love. Here's how to create an Impacket Docker image that you too can fall in
In a Golden Ticket attack, an attacker creates a fake "ticket" that allows them to access the network as if they were a legitimate user. This ticket is called a "Golden Ticket" because it gives the attacker unlimited access to the network. The Golden Ticket attack