<feed xmlns="http://www.w3.org/2005/Atom">
  <id>https://ashizzz.github.io/</id>
  <title>ashizZz</title>
  <subtitle>Threat Researcher Security Enthusiast</subtitle>
  <updated>2026-01-07T22:28:56+05:45</updated>
  <author>
    <name>ashizZz</name>
    <uri>https://ashizzz.github.io/</uri>
  </author>
  <link rel="self" type="application/atom+xml" href="https://ashizzz.github.io/feed.xml"/>
  <link rel="alternate" type="text/html" hreflang="en" href="https://ashizzz.github.io/"/>
  <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator>
  <rights> © 2026 ashizZz </rights>
  <icon>/assets/img/favicons/favicon.ico</icon>
  <logo>/assets/img/favicons/favicon-96x96.png</logo>
  <entry>
    <title>Traffic Signaling:- Socket Filters in C2</title>
    <link href="https://ashizzz.github.io/posts/SocketFilters/" rel="alternate" type="text/html" title="Traffic Signaling:- Socket Filters in C2" />
    <published>2024-09-17T00:00:00+05:45</published>
    <updated>2024-11-15T23:30:29+05:45</updated>
    <id>https://ashizzz.github.io/posts/SocketFilters/</id>
    <content type="text/html" src="https://ashizzz.github.io/posts/SocketFilters/" />
    <author>
      <name>ashizZz</name>
    </author>
    <category term="Persistence" />
    <summary>Socket filters provide a mechanism at the kernel level for filtering, managing, and controlling network traffic. By using these filters, network administrators, security software, and even adversaries can craft controlled network communication pathways by selectively allowing or blocking traffic based on specific criteria. Socket filters operate by attaching filters—typically using the Berkele...</summary>
  </entry>
  <entry>
    <title>Traffic Signaling:- Port Knocking - Hidden Security or Overlooked Threat?</title>
    <link href="https://ashizzz.github.io/posts/Port-Knocking/" rel="alternate" type="text/html" title="Traffic Signaling:- Port Knocking - Hidden Security or Overlooked Threat?" />
    <published>2024-09-17T00:00:00+05:45</published>
    <updated>2024-11-17T13:12:12+05:45</updated>
    <id>https://ashizzz.github.io/posts/Port-Knocking/</id>
    <content type="text/html" src="https://ashizzz.github.io/posts/Port-Knocking/" />
    <author>
      <name>ashizZz</name>
    </author>
    <category term="Persistence" />
    <summary>Port knocking is a stealthy network security technique designed to shield services like SSH from unauthorized access and routine port scans. By requiring a predefined sequence of connection attempts to specific ports, it acts as a covert “key” to unlock access, effectively obscuring sensitive services from prying eyes. While often used by administrators to add an extra layer of security, advers...</summary>
  </entry>
  <entry>
    <title>Active Directory:- Kerberoasting</title>
    <link href="https://ashizzz.github.io/posts/Kerberoasting/" rel="alternate" type="text/html" title="Active Directory:- Kerberoasting" />
    <published>2024-09-17T00:00:00+05:45</published>
    <updated>2024-11-20T14:30:40+05:45</updated>
    <id>https://ashizzz.github.io/posts/Kerberoasting/</id>
    <content type="text/html" src="https://ashizzz.github.io/posts/Kerberoasting/" />
    <author>
      <name>ashizZz</name>
    </author>
    <category term="AD" />
    <summary>Kerberoasting → Post-exploitation attack technique used to obtain the password hash of an AD account that has a servicePrincipalName (SPN) value. → SPNs are used to identify services and applications. → SPNs are registered to user or computer accounts known as service accounts. → Typically granted the least privilege necessary to perform their function. → When a client requests a service ...</summary>
  </entry>
  <entry>
    <title>Zero-Logon</title>
    <link href="https://ashizzz.github.io/posts/ZeroLogon/" rel="alternate" type="text/html" title="Zero-Logon" />
    <published>2024-09-16T00:00:00+05:45</published>
    <updated>2024-09-16T00:00:00+05:45</updated>
    <id>https://ashizzz.github.io/posts/ZeroLogon/</id>
    <content type="text/html" src="https://ashizzz.github.io/posts/ZeroLogon/" />
    <author>
      <name>ashizZz</name>
    </author>
    <category term="AD" />
    <summary>NTDS Dumping → Caused by a flaw in the cryptographic authentication scheme used by the Netlogon Remote Protocol (MS-NRPC) that allows authentication to be bypassed. → By bypassing the authentication token for specific Netlogon functionality, the attacker was able to call a function to set the domain controller password to a known value. → The attacker can then control the DC and steal the creds of all register...</summary>
  </entry>
  <entry>
    <title>NTDS Dumping</title>
    <link href="https://ashizzz.github.io/posts/NTDSdumping/" rel="alternate" type="text/html" title="NTDS Dumping" />
    <published>2024-09-16T00:00:00+05:45</published>
    <updated>2024-09-16T00:00:00+05:45</updated>
    <id>https://ashizzz.github.io/posts/NTDSdumping/</id>
    <content type="text/html" src="https://ashizzz.github.io/posts/NTDSdumping/" />
    <author>
      <name>ashizZz</name>
    </author>
    <category term="AD" />
    <summary>NTDS Dumping → AD stores domain information in the NTDS.dit file, which is located by default in %SystemRoot%\ntds\ on the DC. → The file contains critical domain information such as password hashes for users. → To gain access to the NTDS.dit file the attacker must already have administrator access in the environment. → If the attacker has access to the domain controller, they can exfiltrate the NTDS.dit file a...</summary>
  </entry>
</feed>
