Kerberos offers plenty of user authentication features. Its main ‘bricks’ are tickets; in the course of a penetration test, the attacker dumps such tickets from the LSASS process memory at least once. Today, I will explain how this operation can be performed without sophisticated hacker tools.
Goodbye Mimikatz! Inject tickets with your own hands
To carry out a number of pass-the-ticket attacks, you have to inject a Kerberos ticket into the compromised system. Tools such as Mimikatz, Impacket, or Rubeus can be used for this purpose, but they are easily detected by antiviruses, which makes this approach ineffective. In this article, I will explain how the ticket injection problem can be solved without special tools: all you need is WinAPI and some magic.
Privileger: Now you’re in control of privileges in Windows
In Windows, privileges play a key role: only the admin has the authority to grant special rights to users so that they can perform their tasks. This article discusses a software tool called Privileger: it enables you to search the system for accounts holding certain privileges and to change the privileges assigned to a given account.
Insecurity provider. How Windows leaks user passwords
In Windows, most security mechanisms are based on user account passwords. Today, you will learn several techniques that make it possible to intercept a password at the time of user authentication, and you will write code that automates this process.
Malformed ELFs. How to make executable Linux files debug-resistant
Plenty of anti-debugging techniques are available nowadays, but one of them stands out. Its main principle is not to detect a debugger, but to prevent the app from running in one at all. This article explains how such a goal can be achieved using parser differentials and fuzzing. You will learn how to craft ELF files that resist debuggers and disassemblers but run smoothly in their native Linux environment.
YARA to the maximum. Learn to write effective YARA rules by examples
YARA is sometimes called the Swiss Army knife of virus analysts. This tool makes it possible to create a set of rules that detect malicious and potentially dangerous programs quickly and accurately. In this article, I will explain how to write good YARA rules so that the YARA engine runs at full speed and without errors.
KARMAgeddon. Attacking client devices with Karma
Even if your client device isn’t connected to Wi-Fi, it can still be attacked. There is a special category of attacks called Karma that compromises client devices equipped with Wi-Fi modules. This article explains in simple terms how such attacks work.