Stagers - 101
In the world of cybersecurity, attackers rarely drop their full payload upfront. Instead, they rely on stagers—lightweight, initial-stage programs designed to retrieve and execute the actual malicious payload.
780 words | 4 minutes
World of APTs
Have you ever wondered what lurks beneath the surface of the digital world? Imagine cyber adversaries so sophisticated that they’re less like smash-and-grab thieves and more like master strategists, carefully orchestrating complex digital campaigns that can span years.
1059 words | 5 minutes
ThinVNC Client Authentication Bypass
In this blog post, I’ll be writing a few details about a vulnerability, CVE-2019-17662, that I discovered in ThinVNC. ThinVNC is a remote desktop client which works on the web. I found an arbitrary file read vulnerability through which the authentication set can be bypassed. An attacker can gain remote terminal access by abusing this vulnerability.
439 words | 2 minutes
Cyber Kill Chain - Part 2
This is part 2 of the Cyber Kill Chain series. In the previous blog posts we’ve talked about the initial 4 phases of the Cyber Kill Chain; in this blog post we will be discovering the remaining 3 phases of the kill chain. You can read my previous blog post here. We have discussed up to the part where an attacker exploits some service / software in the network. The next phase of the kill chain talks about the persistence and lateral movement aspects of an attack.
662 words | 3 minutes
My Active Directory Lab Experience
Back in February 2019, I wanted to dive deeper into the Active Directory aspects of security. I just had a minimalistic idea about it, but I always wanted to learn the attacks on Active Directory from both the Red and Blue team’s perspective. I saw the tweet from PentesterAcademy about the new course they were going to launch, “ACTIVE DIRECTORY LAB”. I just saw the content covered in the course and the price of the course. Immediately, I WAS ALL IN! I might be one of the first few who signed up for the course. I purchased the 30-day lab time. I just wanted to share with you what I feel about the Active Directory Lab from PentesterAcademy.
780 words | 4 minutes
Cyber Kill Chain - Part 1
This is part 1 of the Cyber Kill Chain series. In this series of blog posts I’ll be talking about various phases of an attack. With this series of blog posts I hope to help people understand how the blue team works and how threat intelligence can be gained by attributing the attackers based on various parameters. We will be exploring those parameters as well.
885 words | 4 minutes