Connecting to a private Windows EC2 instance without exposing RDP to the internet
Let’s say you have a (Windows or Linux) EC2 instance in a private subnet and want to access it interactively. There are several ways to do this.
Windows
CVE-2021-44147: XML External Entity Vulnerability in Claris FileMaker
Description of a XXE vulnerability in the Claris FileMaker Platform
CRTP Certification Review
A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...
Hack the Box Write-up #10: Buff
Write-up of “Buff” from Hack The Box
Hack the Box Write-up #8: Fuse
Write-up of “Fuse” from Hack The Box
Splitting a binary into chunks on Linux, and re-combining them on Windows
Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into p...
Hack the Box Write-up #7: Bart
Write-up of “Bart” from Hack The Box
Hack the Box Write-up #3: Netmon
Write-up of “Netmon” from Hack The Box
Running commands in a specific user context in PowerShell
Using the Invoke-Command Cmlet, you can execute a script block in the security context of a different user.
Hack the Box Write-up #1: Jerry
Write-up of “Jerry” from Hack The Box
Pivoting: Setting up a port proxy with netsh on Windows
Pivot by setting up a portproxy between your machine and a machine in another network using “netsh interface portproxy add v4tov4 listenport= connectport= co...
HTTP requests with PowerShell’s Invoke-WebRequest – by Example
A few examples on how to do http requests via PowerShell’s Invoke-Webrequest cmdlet.
Hidden in plain sight: Alternate Data Streams
Have you ever wondered how a file in a file listing is shown with size 0 bytes but can still contain data? Or maybe wondered where all that meta data is stor...
Running a script in the Windows Local System account
Today I needed to debug a scheduled script and test its behavior when run in the Windows Local System account instead of my regular domain user’s (this was o...