Monitoring Connections and Processes with Netstat, ss, and ps Why checking open ports and running processes matters during a pentest When you’re inside a compromised Linux system — whether through a reverse shell, a webshell, or full access — understanding what’s running and what it’s talking to is critical. This isn’t just “admin curiosity.” It’s […]
Netstat, ss, and ps Read More »
1. Identification & Authentication Key Components: 2. Authorization Key Components: 3. Principals & Security Identifiers (SIDs) SIDs uniquely identify user, group, and computer accounts. Used throughout the OS for access control. Examples: 4. Privileges & User Rights Managed via: Examples: 5. File & Registry Security 6. Services & Session Security 7. Memory & Execution Protection
Windows Security Architecture Overview Read More »
PowerUp: Windows Privilege Escalation When you’re dropped into a Windows shell during an engagement, one of your top priorities is figuring out how to escalate privileges — ideally from a low-privileged user to SYSTEM. PowerUp, a PowerShell tool from the PowerSploit framework, was made for exactly this. In this post, we’ll walk through what PowerUp
SNMP Versions Explained SNMP has three main versions: Version Security Level Description v1 🟥 Insecure Basic functionality, all data in plaintext, weak structure v2c 🟥 Insecure Improved performance over v1, but still plaintext, uses community strings v3 ✅ Secure Supports authentication, encryption, and user-based access SNMP v1 and v2c Community strings: String Access Type Default
SNMP versions explained Read More »
What is SNMP? SNMP stands for Simple Network Management Protocol. It’s a protocol used to monitor and manage network devices like routers, switches, printers, servers, firewalls, etc. Think of SNMP as the “IT admin’s spyglass” — it gives visibility into what devices are doing, what their health is like, and even allows limited configuration —
Docker: Part 5 — Real-World Attack Scenarios By now, you’ve learned how Docker works, how to identify it, and how to exploit its weaknesses. But theory means little without real-world context. In this post, we’ll walk through real attack scenarios where Docker becomes your foothold — or your pathway to root. These are drawn from
Docker Attack Scenarios Read More »
Docker: Part 4 — Escaping Docker Containers Most of the time, Docker containers are designed to be isolated from the host system. But isolation isn’t security — and containers aren’t real sandboxes. Under certain conditions, it’s possible to break out of a container and compromise the host. This post covers: What Makes Escapes Possible? Containers
Escaping Docker Containers Read More »
Docker: Part 3 — Privilege Escalation via Docker Once you confirm that Docker is running — or that you’re in the docker group — the path to root is often just a few commands away. In this post, you’ll learn: Why Docker Group Access is Dangerous The Docker daemon (dockerd) runs as root. If you
Docker: Part 2 — Recon & Enumeration Now that you understand what Docker is and why it’s widely used, it’s time to learn how to detect Docker in an environment and begin enumerating it for privilege escalation opportunities. This post covers: Step 1: Are You Inside a Docker Container? When you land a shell, you
Docker Recon & Enum Read More »
Docker for Pentesters: Part 1 As a penetration tester, you’re going to run into Docker. A lot. Whether it’s powering the web application you’re testing, hiding secrets in a containerized CI/CD pipeline, or quietly offering root access through a misconfigured socket — Docker is everywhere in modern infrastructure. So before we exploit it, let’s understand
