Blog

This article describes the solution steps for the retired machine named “ICECREAM” on the PriviaHub platform. First, a scan was initiated to identify the open ports on the machine, the current services running on those open ports, and the operating system. The scan was performed using the NMAP tool by running the command nmap -A […]

During penetration tests, after gaining access to a machine, different stages are required. If access to the machine has been obtained through a user account with low rights and privileges, this will not allow operations requiring elevated privileges to be performed on the machine. To address this, it will be necessary to carry out privilege […]

There are millions of third-party applications in the Facebook ecosystem, and most of these applications do not have a bug bounty programme through which the vulnerabilities present in the application can be detected and reported. Facebook launched the “Data Abuse Bounty” programme in order to enhance the security of third-party applications and the websites within […]

Two critical security vulnerabilities have been discovered in LibreOffice, one of the popular office software applications. LibreOffice is a widely used free and open-source office suite that includes word processing, spreadsheet, and presentation applications. The vulnerability identified with the code CVE-2019-9848 is found in the LibreLogo component that ships with LibreOffice and uses turtle vector […]

Nishang içerisinde post-exploitation işlemleri sırasında kullanılabilecek olan, Powershell dilinde yazılmış script kodları bulunmaktadır.

Nishang is a post-exploitation toolkit developed by Nikhil Mittal. Nishang contains script code written in PowerShell that can be used during post-exploitation operations. With Nishang’s script code, operations such as port scanning, information gathering, privilege escalation, credential retrieval and backdoor deployment can be performed. The most important advantages of this tool are: because they are […]