/categories/cybersecurity/ Recent content in CyberSecurity on t0o0tz.com Hugo -- gohugo.io zh-cn ©2021 t0o0tz.com Thu, 20 Apr 2023 00:00:00 +0000 /posts/post0x0009/ Thu, 20 Apr 2023 00:00:00 +0000 /posts/post0x0009/ Asymmetric Key Cryptography Asymmetric key cryptography (aka public key cryptography) is the concept of using a public and private key to encrypt and decrypt data. The public and private keys are linked mathematically. In asymmetric cryptography both Steve and Meg will use their own unique private keys to encrypt a message. In the example below Meg uses Steve’s public key to encrypt a message for Steve’s eyes only. Once Steve receives the message he can decrypt by using his private key. /posts/post0x0008/ Thu, 31 Mar 2022 00:00:00 +0000 /posts/post0x0008/ Symmetric Key Cryptography Cryptography is very, very complex… As it should be. It keeps us and our data safe and secure. This write-up will provide an overview of Symmetric Key Cryptography Cryptography - What’s The Point? There are many use cases for cryptography, but the most obvious is confidentiality. We want to ensure our private data remains private. Simple as that. Cryptography can also be used to ensure integrity, Nonrepudiation, and authentication /posts/post0x0006/ Sun, 25 Oct 2020 00:00:00 +0000 /posts/post0x0006/ CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER I started listening to the Cloud Security Podcast this past month. Great digestible interviews with security professionals from different fields. This episode really caught my attention when they discussed bug bounty hunters using a continuous monitoring technique involving favicon hashes. What’s a favicon: A favicon is the tiny logo you see in the tab section of your browser. For instance you should (if on a desktop browser) see this little egg next to the title of this page. /posts/post0x0004/ Wed, 27 May 2020 00:00:00 +0000 /posts/post0x0004/ Linux privilege escalation can be a weak point for many penetration testers. Scripts such as LinEnum have attempted to make the process of finding an attack vector easier; However, it can be hard to digest the results if you don’t know what to look for. Below are my notes on uploading the LinEnum.sh script to a remote machine, running the script, and reading the results. DISCLAIMER - I used a retired HTB machine (OpenAdmin) as my remote victim machine. /posts/post0x0003/ Tue, 14 Apr 2020 00:00:00 +0000 /posts/post0x0003/ What is Kerberos Kerberos, developed by MIT, is a network authentication protocol used in Active Directory most commonly running on port 88 with password management on port 464. The Kerberos protocol enables a client/user to identify itself to a server (and vice versa) across a network - thus providing strong authentication. However, Kerberos does not Authorize which services the client/user can access (this is normally done by LDAP). Prerequisites Kali Linux Impacket Grab the latest stable release, unpack it and run ‘pip install .