Hacking Articles
@hackinarticles
21.1K subscribers
1.13K photos
165 files
777 links
House of Pentester
Download Telegram
About
Blog
Apps
Platform
Join
Hacking Articles
21.1K subscribers
Hacking Articles
A Competition Policy For Cloud And Ai.pdf
1.5 MB
1.23K views
Hacking Articles
CISO Guide to AI Powered Attack
❀1
1.33K views
Hacking Articles
CISO Guide to AI Powered Attack.pdf
1.7 MB
1.46K views
Hacking Articles
πŸš€ Active Directory Penetration Training (Online) – Register Now! πŸš€

πŸ”— Register here: https://forms.gle/bowpX9TGEs41GDG99
πŸ’¬ WhatsApp: https://wa.me/message/HIOPPNENLOX6F1

πŸ“§ Email: info@ignitetechnologies.in

Limited slots available! Hurry up to secure your spot in this exclusive training program offered by Ignite Technologies.

βœ”οΈ Comprehensive Table of Contents:
πŸ” Initial Active Directory Exploitation
πŸ”Ž Active Directory Post-Enumeration
πŸ” Abusing Kerberos
🧰 Advanced Credential Dumping Attacks
πŸ“ˆ Privilege Escalation Techniques
πŸ”„ Persistence Methods
πŸ”€ Lateral Movement Strategies
πŸ›‘οΈ DACL Abuse (New)
🏴 ADCS Attacks (New)
πŸ’Ž Saphire and Diamond Ticket Attacks (New)
🎁 Bonus Sessions
❀2
1.25K viewsedited  
Hacking Articles
Python List Methods
πŸ‘3
1.09K views
Hacking Articles
Useful Python Libraries
πŸ‘2❀1
1.05K viewsedited  
Hacking Articles
Python 3
935 views
Hacking Articles
Python Roadmap
❀1
913 views
Hacking Articles
Tcpdump Mindmap

πŸ”΄βš«Full HD: https://github.com/Ignitetechnologies/Mindmap/blob/main/Tcpdump/tcpdump%20UHD.png
886 viewsedited  
Hacking Articles
Rust Security Risks Explained Through Simple Scenarios
✴ Twitter: Share this thread

Understand Rust’s security pitfalls and how to avoid them with these analogies:

☒ Unsafe Code Misuse
Scenario: Bypassing seatbelts β†’ Crash injuries guaranteed.
Risk: unsafe blocks disable Rust’s memory safety, risking corruption.
Defense: Minimize unsafe; validate inputs and use references (&mut T).

☒ Dependency Confusion
Scenario: Fake package delivery β†’ Malware in your project.
Risk: Unpinned Cargo dependencies fetch malicious versions.
Defense: Pin exact versions (rand = "=0.8.4") and audit Cargo.lock.

☒ Integer Overflow
Scenario: Odometer rolls over β†’ Mileage resets to zero.
Risk: Arithmetic operations panic/crash in debug mode.
Defense: Use Wrapping types or checked methods (x.checked_add(200)).

☒ Panic-Driven Crashes
Scenario: Fire alarm for minor issues β†’ Chaos.
Risk: Unrecoverable panics disrupt applications.
Defense: Prefer Result/Option for graceful error handling.

☒ Race Conditions
Scenario: Two chefs sharing a knife β†’ Bloody fingers.
Risk: Threads corrupt shared state without synchronization.
Defense: Use Mutex/Arc or message passing (std::sync::mpsc).

☒ Out-of-Bounds Access
Scenario: Reading someone else’s mail β†’ Privacy breach.
Risk: Array indexing beyond bounds leaks data/crashes.
Defense: Always use .get(index) with bounds checks.

Key Defensive Actions
Audit Dependencies: cargo audit for known vulnerabilities.

Lint Code: Enable #![forbid(unsafe_code)] where possible.

Test Thoroughly: Fuzz with cargo-fuzz to find edge cases.

Log Errors: Use tracing or log crates for diagnostics.

Concurrency Checks: Run MIRI (Rust’s interpreter) to detect data races.
1.02K views
Hacking Articles
Attacking Rust.pdf
2 MB
❀1
975 views
Hacking Articles
Java Security Risks Explained
✴ Twitter: Share this thread

☒ JNDI Injection
Scenario: Fake delivery β†’ RCE via LDAP.
Risk: logback.xml loads malicious classes.
Fix: Disable reloadByURL; use Java β‰₯8u191.

☒ Deserialization
Scenario: Tampered package β†’ RCE.
Risk: ObjectInputStream executes gadget chains.
Fix: Use ValidatingObjectInputStream; whitelist classes.

☒ XXE
Scenario: Malicious XML β†’ file read.
Risk: DocumentBuilder parses external entities.
Fix: Disable DTDs: setFeature("disallow-doctype-decl", true).

☒ Auth Bypass
Scenario: Path manipulation β†’ admin access.
Risk: startsWith()/endsWith() filters bypassed.
Fix: Normalize paths; strict validation.

Key Defenses
Patch: Update Java/JNDI.
Log: Monitor Runtime.exec().
Least Privilege: Restrict RMI/JMX.
1.1K viewsedited  
Hacking Articles
Attacking Java.pdf
2 MB
1.05K views
Hacking Articles
πŸš€ AI Penetration Training (Online) – Register Now! πŸš€

πŸ”— Register here: https://forms.gle/bowpX9TGEs41GDG99
πŸ’¬ WhatsApp: https://wa.me/message/HIOPPNENLOX6F1

πŸ“§ Email: info@ignitetechnologies.in

Limited slots available! Hurry up to secure your spot in this exclusive training program offered by Ignite Technologies.

🧠 LLM Architecture
πŸ” LLM Security Principles
πŸ—„οΈ Data Security in AI Systems
πŸ›‘οΈ Model Security
πŸ—οΈ Infrastructure Security
πŸ“œ OWASP Top 10 for LLMs
βš™οΈ LLM Installation and Deployment
πŸ“‘ Model Context Protocol (MCP)
πŸš€ Publishing Your Model Using Ollama
πŸ” Introduction to Retrieval-Augmented Generation (RAG)
🌐 Making Your AI Application Public
πŸ“Š Types of Enumeration Using AI
🎯 Prompt Injection Attacks
🐞 Exploiting LLM APIs: Real-World Bug Scenarios
πŸ”‘ Password Leakage via AI Models
🎭 Indirect Prompt Injection Techniques
⚠️ Misconfigurations in LLM Deployments
πŸ‘‘ Exploitation of LLM APIs with Excessive Privileges
πŸ“ Content Manipulation in LLM Outputs
πŸ“€ Data Extraction Attacks on LLMs
πŸ”’ Securing AI Systems
🧾 System Prompts and Their Security Implications
πŸ€– Automated Penetration Testing with AI
❀1
1.18K views
Hacking Articles
2FA Bugs
1.1K views
Hacking Articles
Azure Mindmap
1.16K views
Hacking Articles
Azure Service
1.05K views
Hacking Articles
Cloud Security Framework
904 views
Hacking Articles
ADCS ESC16 – Security Extension Disabled on CA (Globally)

✴ Twitter: https://x.com/hackinarticles

The ESC16 vulnerability in AD CS allows attackers to bypass certificate validation and escalate privileges through misconfigured templates, UPN mapping, and shadow credentials.

πŸ“˜ Overview of the ESC16 Attack
πŸ“‹ Prerequisites
πŸ§ͺ Lab Setup
🎯 Enumeration & Exploitation

🧠 Post Exploitation
β€ƒπŸ” Lateral Movement & Privilege Escalation Using Evil-WinRM

πŸ›‘οΈ Mitigation
929 views
Hacking Articles
https://www.hackingarticles.in/adcs-esc16-security-extension-disabled-on-ca-globally/
Hacking Articles
ADCS ESC16 – Security Extension Disabled on CA (Globally)
Learn how to exploit ESC16 misconfiguration: CA disables SID binding globally, enabling ADCS certificate-based impersonation.
1.05K views
Hacking Articles
ESC16.pdf
2.2 MB
1K views