NTLM relay attack

Link: Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678) (crowdstrike.com)

The precise ins and outs of NTLM authentication attacks can be a little hard to follow, as there are a lot of moving parts. This article from CrowdStrike does a reasonable job of not getting too far into the weeds, covering the basics quickly before moving into the meat of the issue.

It isn’t uncommon for the spooler service to get a Windows server in trouble. The attack in the context of Unconstrained Delegation comes to mind, as well as some remote code execution issues even further back.

Good article and well sourced.

How I test for socket?

Link: Everything You Need to Know About Web Socket Pentesting (appknox.com)

A well-formatted document explaining the basics of WebSockets, and a series of scopes for considering the ramifications of testing the sockets (blackbox testing, etc). It isn’t very technical or deep (betraying the title somewhat…), so there are probably more resources out there for really digging into the protocol, but it’s enough to get you started and oriented.

Very sneak, such walkthrough, wow

Link: Sneakidia

I haven’t had time to read everything here, but what caught my eye about this site were the scenario-based walkthroughs. The most popular post of my Post-OSCP series was part 4 where I used the primer material from part 3 to practice the techniques on a tiny Active Directory. The two latest posts here are similar in structure, going over potential tools and such, and making suggestions. It doesn’t actually simulate a full attack in the same way though, so I will remain very proud of my previous work, thanks!