How to Exploit the Shellshock Attack
Explanation of the Shellshock vulnerability (CVE-2014-6271), its origin, how it works, and how to exploit it remotely to achieve command execution on web servers.
Jan 31, 2022 Juan Antonio González Mena
All Posts
123 articles
Ways to Execute Reverse Shells on Windows
Learn various techniques for obtaining reverse shells on Windows systems, from netcat to PowerShell scripts to fully interactive ConPtyShell.
Jan 24, 2022 Juan Antonio González Mena
What is LocalAccountTokenFilterPolicy
Learn what LocalAccountTokenFilterPolicy is in Windows, how it affects remote command execution with local administrative accounts, and how to disable it for pentesting purposes.
Jan 21, 2022 Juan Antonio González Mena
SGID, SUID, and Sticky Bit Permissions on Linux
Complete guide to special permissions on Linux: SGID, SUID, and Sticky Bit. Learn how they work, how to identify them, and the behaviors of UID and GID in the system.
Jan 17, 2022 Juan Antonio González Mena
How NTLM Authentication Works
Detailed explanation of how NTLM authentication works in Windows, including LM and NT hashes, the Net-NTLMv2 process, and techniques like Pass The Hash.
Jan 10, 2022 Juan Antonio González Mena
Privilege Escalation through Passwords in Windows
Techniques for escalating privileges in Windows through passwords stored in the registry, configuration files, saved credentials, and SAM hash extraction.
Jan 3, 2022 Juan Antonio González Mena
Windows Privilege Escalation Through Insecure GUI Applications
Learn to identify and exploit misconfigured graphical applications in Windows to escalate privileges using GUI exploitation techniques.
Dec 27, 2021 Juan Antonio González Mena
What is a Windows Service
Learn what Windows services are, how they work, the different types of privilege escalation related to services, and enumeration techniques with accesschk.exe.
Dec 22, 2021 Juan Antonio González Mena
Windows Privilege Escalation Through Unquoted Service Paths
Learn to identify and exploit Windows services with unquoted paths to escalate privileges using Unquoted Service Path techniques.
Dec 14, 2021 Juan Antonio González Mena