RalfHacker – HackMag

Ultimate guide to Metasploit: how to use the renowned pentesting framework

Date: 01/06/2021

As you are likely aware, Metasploit is the most acclaimed exploitation and post-exploitation framework in the world. Even if you don’t use it, you had definitely encountered numerous references to Metasploit in our materials. In this article, I will give a brief overview of this framework, explain how our security team uses it, and provide some practical tips.

Read full article →

Ultimate guide to PowerShell Empire: from installation to persistence in the target system

Date: 30/05/2021

Author: RalfHacker

Empire is a popular post-exploitation tool for Windows, Linux, and macOS. This article addresses all key aspects of this framework, including its most frequently used functions. Even if you are a seasoned pentester, you will likely find something new and useful in this material.

Read full article →

Attacking Active Directory. An overview of actual privilege escalation techniques

Date: 26/06/2020

Author: RalfHacker

Compromising a domain controller involves more than just finding a known vulnerability, stealing user credentials, or identifying an error in the security policy settings. The above ‘achievements’ grant only the minimum access level that may be insufficient for your goals. Therefore, to deliver a successful attack, you must escalate your system privileges in Active Directory. This article is dedicated to this intriguing process.

Read full article →

Lateral movement in Active Directory. Offensive techniques used to attack the domain

Date: 26/06/2020

Author: RalfHacker

Imagine that you have successfully retrieved users’ accounts in a network with an Active Directory domain controller and escalated your privileges. But what if you control not the entire network, but just a small segment of it? You have to find out how to advance further through the network, escalate your privileges, and search for new entry points and relays.

Read full article →