PenTest: Play in Your Own Pentest Lab in 2022

Dear PenTest Readers,

In this edition of PenTest Mag our authors present you with various techniques that will certainly be useful in your own pentest lab. Pentesting labs should not only be limited to sets of tools that you use, as you also need efficient techniques in performing your ethical hacking activities! No matter how good your customized tool set is, it would be for nothing without proper tips & tricks for your tests! :)

The publication covers a wide range of practical tutorials on multiple offensive security fields: mobile pentesting, Active Directory Exploitation, AWS penetration testing with an IAM based access, threat modeling, and more! There is also a special treat for those of you who are interested in hunting for vulnerabilities in online games and NFT tokens, topic researched by CySource.

Get your own lab ready and let’s play a game together :)

Special thanks to all amazing contributors, reviewers, and proofreaders who helped in creating this issue.

Without further ado,

Enjoy your reading!

PenTest Magazine’s Editorial Team.

---

Table of Contents

---

Android Application Pentest

by Gabrielle Botbol

Mobile pentesting is part of the pentester's testing routine. However, it is not widely documented. In the life of a pentester, at one time or another, we have to conduct mobile pentests because the needs are getting bigger. This article deals with an essential part: how to do a setup to test Android applications. I will also present the process of pentesting an Android application and give some practical examples.

---

Play to Earn or Insecure to Play?

by Marlon Fabiano of CySource

With regards to De-Fi, which enables the delivery of financial services without the need for any intermediary, Dapp enables the creation of decentralized applications based on the blockchain. Taking advantage of this freedom, "NFT games" grew in the shadow of these concepts since anyone could create a game without the need for subject matter experts, such as software development, infrastructure, or even security professionals. But from a security point of view, what does this mean?

---

Attacking Kerberos Constrained Delegation Accounts [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]

by Nairuz Abulhul

Delegation is the act of giving someone authority or responsibility to do something on behalf of someone else. In the Active Directory, delegation is a feature that enables specific accounts (user or computer) to impersonate other accounts to access particular services on the network. There are three (3) known types of delegations allowed with Kerberos: Unconstrained, Constrained, and Resource-based constrained delegations. For this article, we will focus on the Constrained delegation. We will learn to abuse this type of delegation during a penetration testing engagement and chain it with other attacks, such as the DCSync, to obtain the domain controller hashes.

---

Complete AD Compromise via Exploiting Zerologon Vulnerability (CVE-2020-1472)

by Sarang Tumne

During August of 2020, a critical flaw in Microsoft’s Netlogon process was identified that allows an attack against Microsoft Active Directory domain controllers. This vulnerability is so brutal, an attacker can impersonate any computer, including the root domain controller.

---

How to Set Up a PenTest Lab Using Core Impact

by Pablo Zurro

Though the never-ending challenges of cybersecurity can sometimes feel overwhelming, it does ensure that pentesters are rarely bored. In fact, one of the best parts about being a pentester is that there is always more to learn—curiosity isn’t just encouraged, it’s required. In order to foster the growth of new skills, pen testing labs have become an essential way for new and advanced pentesters to safely practice different methods and ensure they’re staying up to date on the latest techniques. And conveniently, these labs don’t even require goggles or a white coat! (But bonus points if you wear them anyway.)

---

Gain Remote Shell Access with Python

by Faiyaz Ahmad

In this article, we are going to learn how we can use Python to create a payload that will give us shell access to the target machine. We will assume that the target is a Windows machine. By creating our own payload with Python, we will be able to evade many antiviruses and we’ll get a deep understanding of how payload works.

---

AWS Penetration Testing Series - Part 1

by Dinesh Sharma

In today’s world, no one can imagine an infrastructure without cloud. Cloud infrastructures are easy to use, cheap and, with little IT experience, one can manage them easily because of their predefined security and functional policies. There are many cloud service providers available in the market. Some of them are AWS, AZURE, GCP, etc. If the market share of the cloud service provider is considered, then AWS is the lead player. Most companies use AWS as their primary cloud infrastructure. AWS is most trusted as well as cheap. That's why even startups prefer AWS over any other cloud service provider.

---

Threat Management for SMEs

by Bruce Williams

I recently came across a product that excited me. This article explains why it excited me based on my experience with new products that are game changers. In a very crowded marketplace, sometimes a product attracts your attention as it improves the situation.

---

Mobile Exploitation in Practice

by Sanjeev Patel

The mobile OS ecospace is predominantly filled by the following two OSs: Android and iOS. We will be looking at the architecture, the default security mechanisms implemented, and safeguarding techniques. There is no comparison between the two operating systems, and we will go through both OSs one by one.

---

Threat Modelling: Case Studies

by Vinod Gupta

Remember, this is not a one-time activity; as the technology evolves, the threat landscape evolves. A certain system that is secure today might not be secure tomorrow. One has to keep a watch for all the system parts. It is vital to understand that all systems interact with other systems and not only users. To be precise, there is no formal process, it is more like use what works.