04 Jun 2024 · 19 min
Author : Pixis
Password spraying is a well-known technique which consists of testing the same password on several accounts, in the hope that it will work for one of them. This technique is used in many different contexts: On web applications, the Cloud, services like SSH, FTP, and many others. It’s also widely used in internal penetration testing with Active Directory. It’s the latter that we’re going to focus on, because although the technique seems simple, it’s not easy to put it into practice without side effects.
Read more →
16 Oct 2023 · 23 min
Author : Pixis
A large proportion of decentralised applications use tokens to work properly. While coins are inherent to each blockchain (Ether for Ethereum, for example, Sol for Solana, etc.), tokens are tokens that are created on an existing blockchain using smart contracts. So, using a smart contract, it is possible to create a token called a “HackndoToken” whose symbol would be “HND”, for example. This token could exist in a limited number, and we could even ensure that each HND token is unique.
Read more →
03 Oct 2023 · 20 min
Author : Pixis
Do you remember the different storage spaces to which the EVM has access? The one comparable to a computer hard disk is the account storage. This is the memory area in which the state of the contract is recorded. But you’ll also remember that the Ethereum blockchain is a decentralised state machine that can be read by anyone. Do you see where I’m going with this? All the data recorded by a smart contract can be read by anyone. If any sensitive data is recorded by a smart contract, we will be able to read it.
Read more →
19 Jul 2023 · 27 min
Author : Pixis
Ethereum Virtual Machine (EVM) is a virtual machine used to manage transactions on the Ethereum blockchain via smarts contracts. It’s an essential component of Ethereum, which we’re going to try and understand together.
Read more →
10 Jul 2023 · 13 min
Author : Pixis
Unlike blockchains such as Bitcoin, which essentially allow Bitcoin cryptocurrency transactions to be sent, Ethereum also has something quite extraordinary: decentralized code execution.
Yes, decentralized. This means that we can write a program, code that is, and have it run not on one server, but on thousands of servers, or nodes. And the output of our program is also recorded in a decentralized way. I don’t know about you, but I think it’s incredible, and it really made me want to dig a little deeper into the subject.
Read more →
03 Jul 2023 · 10 min
Author : Pixis
For several years now, I’ve been interested in a subject you’ve probably heard of: blockchains. I find it fascinating that a technology allows thousands of people to agree on so many subjects without the need for an intermediary. Decentralization is a subject that I believe has a lot of potential, and we’ll see in the long term whether this technology will endure or not. In any case, as it stands, it’s a hot topic! More recently, I’ve become interested in the Ethereum blockchain, smart contracts, and the security of smart contracts. We’re going to talk about all that here, here we go.
Read more →
18 Apr 2020 · 14 min
Author : Pixis
Within an Active Directory, services can be used by users. Sometimes these services need to contact others, on behalf of the user, like a web service might need to contact a file server. In order to allow a service to access another service on behalf of the user, a solution has been implemented (introduced in Windows Server 2000) to meet this need : Kerberos Delegation.
Read more →
01 Apr 2020 · 46 min
Author : Pixis
NTLM relay is a technique of standing between a client and a server to perform actions on the server while impersonating the client. It can be very powerful and can be used to take control of an Active Directory domain from a black box context (no credentials). The purpose of this article is to explain NTLM relay, and to present its limits.
Read more →