Your SQL Server Is Handing Attackers a Map — By Default

Author: Margarita Naumova | Microsoft MVP | MCM SQL Server | Data Engineer | MCT. The Starting Point: A Login With Nothing. Imagine a login just created on your SQL Server instance (especially one with a weak password). No database access granted. No roles assigned. No permissions of any kind. Here is what it […]
Cybersecurity Lost Its Natural Language And Why Upskilling Is the Only Way to Bridge the Gap

Author: Paula Januszkiewicz, CEO of CQURE & CQURE Academy, Cybersecurity Expert, MVP & RD, MCT. Intro: Cybersecurity used to have a relatively shared vocabulary. Firewalls. Antivirus. Patching. Perimeter defense. These concepts once formed a common language understood not only by security teams, but also by IT, leadership, and even non-technical stakeholders. Security discussions were simpler, […]
CQURE Hacks #74: Microsoft SQL Server Privilege Escalation

We’re diving into a classic but devastatingly effective exploit path. Many organizations leave their SQL Servers vulnerable through a combination of three simple misconfigurations: a database set to “trustworthy,” an owner with sysadmin rights (like SA), and a low-privilege user with db_owner permissions. By abusing these settings, an attacker can create a stored procedure that […]
CQURE Hacks #73: Using a Malicious LNK File to Take Over Infrastructure (LNK Relay)

The scenario is straightforward: a regular domain user has WRITE permissions on a shared folder. That’s enough to plant a malicious .lnk file pointing to an attacker-controlled SMB server. The moment another user browses that share in File Explorer, the system attempts authentication automatically – and the NETNTLMv2 response is captured. From there, the path […]
CQURE Hacks #72: KQL Threat Hunting – One Query, Three Hunts

In active-duty security, time is your most valuable asset. Most hunters struggle because they try to write a brand-new query for every single alert. This creates a messy library of code that is hard to manage. Kajetan, one of our frontline experts, shows you how to use one “Base Query” as a launchpad for three […]
CQURE Hacks #71: 5 KQL tricks to speed up threat hunting

In active-duty threat hunting, time is the only currency that matters. Most IT professionals struggle with queries bogged down by excessive calculations or filtering applied far too late in the pipeline, creating a bottleneck that can obscure critical indicators of compromise. Kajetan, one of our frontline practitioners, walks through five practical techniques that immediately improve […]
CQURE Hacks #70: NTLM Relay Attacks in Practice: Exploiting Missing SMB Signing

In this episode, we start by verifying vulnerable configurations on SRV01 (10.10.10.20) and Windows 11 (10.10.10.40). Server and client SMB signing enforcement is false. Nmap confirms “enabled but not required,” and NetExec scans the network to list relay targets (/tmp/relay.txt). Responder (NetBIOS/LLMNR poisoner, SMB/HTTP disabled) listens on eth0. Impacket-ntlmrelayx (-i interactive, --target-file relay.txt) relays intercepted […]
CQURE Hacks #69: SMB Signing – Why It Won’t Save Your Data from a Passive Traffic Sniffer

The Experiment Setup: Our test environment was configured for maximum network security, with both the server (SRV01) and the client (WIN11-01) explicitly set to support and require SMB signing. The Critical Finding: Despite having SMB signing enforced on both endpoints, our packet capture yielded a critical, visible finding: the entire contents of the file, “SMB […]
CQURE Hacks #68: NTLM Relay Attacks Explained and Why It’s Time to Phase Out NTLM

We begin on the Domain Controller, where the Group Policy setting “Network security: Restrict NTLM: NTLM authentication in this domain” is initially set to Disabled. This allows NTLM-based authentication to proceed – opening the door for potential relay attacks. On the attacker machine (running Kali Linux), the Responder and Impacket’s ntlmrelayx tools are launched. Once […]
CQURE Hacks #67: ARP Spoofing + SMB Sniffing: Stealing Files from the Network

Setting up the Attack: We start with three machines. On Kali, we enable packet forwarding and run the arpspoof tool to trick both the client and the domain controller into believing that Kali is the other host. This successfully poisons the ARP cache, redirecting their communication through our machine. Sniffing ICMP Traffic: With ARP spoofing […]