> Posts
Here are some posts I have written.
-
Stealing sudo sessions with ptrace {en, gl}
-
Wardriving coa Raspi no 2023: Dando unha volta polos wifis do lugar {gl}
-
Reversing con carraxe: Sacando contrasinais con angr {gl}
-
Using libfuzzer in autotools compiled projects {en, gl}
-
Tricks to improve console programs usability {en, gl}
- A description of some
tricks that have learnt from my experience that enhances the user
experience of Linux console programs.
-
Heap analysis with radare2 {en, gl}
- A review of the glibc allocator that
manages the heap as well as the radare2 module to examinate its structures
by using the debugger.
-
Kerberos I: How does Kerberos work? {en, es}
- An introduction to the Kerberos
protocol in Active Directory. The post describes the elements of the
Kerberos environment, the basic procedures to get and use Kerberos tickets
and the most common attacks against Kerberos.
-
Kerberos II: How to attack Kerberos? {en, es}
- A review of the most basic
Kerberos attacks that includes practical examples of how use known tools to
attack Kerberos. The attacks included are: Brute-forcing, ASREProast,
Kerberoast, Pass The Key/Over Pass the Hash, Pass the Ticket, Silver and
Golden ticket.
-
Kerberos III: How does delegation works? {en, es}
- A description of the
mechanism used by Kerberos to perform delegation in an Active Directory
environment. It also includes some attack scenarios where an pentester can
take advantage of Kerberos delegation.