Posts

Showing posts from September, 2019

LDAP Injection

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism to connect to, search, and modify Internet directories. The LDAP directory service is based on a client-server model; the function of LDAP is to enable access to an existing directory (Microsoft). The major operations that can be performed over LDAP are:

- Add: add new data.
- Bind: authenticate. Use LDAPS over port 636 rather than plain LDAP on port 389: a simple bind on 389 sends the credentials in clear text unless StartTLS is negotiated first.
- Delete: delete data.
- Search and Compare.
- Unbind: close the connection.

LDAP injection is similar in principle to SQL injection: untrusted input is concatenated into an LDAP search filter, so an attacker who controls that input can change the structure of the filter rather than just a value in it. Its main objective is to exploit such web application vulnerabilities in order to exfiltrate user login names and other user information, which is an important step prior to a privilege escalation attack. Let us suppose that ABC company had an application called Rocky :). ...

Windows Incidents Response (Practical - 11 Steps )

When a system encounters an incident, the common reaction among most people is to panic and jump straight into the system to find the cause and, hopefully, get it back to a normal working condition as soon as possible. In most cases, not all systems can afford the downtime of a full investigation before the most probable cause is known (SANS). In this post, I will outline basic steps that may help you expedite Windows incident response (IR). I have summarized the process in 11 steps. Let us assume that a machine named Desktop-ABC, joined to the ABC domain, was compromised and that, as the lead incident responder on your system admin team, your task is to use incident response methodologies to determine what happened, identify any malicious files found on the system, and take the appropriate steps to resolve the issue. Let us start. After connecting to Desktop-...