Posts

Exploiting ICAP REQMOD for Privilege Escalation: A Hands-On Guide

Posted by: CyberSec Labs
Tags: #Security #CTF #ICAP #Exploitation #Python #WebSecurity #RedTeaming

Have you ever come across ICAP (Internet Content Adaptation Protocol) in a CTF challenge or internal penetration test? While often overlooked, misconfigured ICAP services can be a goldmine for attackers — especially when they blindly trust modified requests. In this post, we’ll walk through how to:
Analyze a suspicious ICAP REQMOD request
Identify privilege escalation vectors
Write a custom Python exploit
Scale it using a list of vulnerable hosts (targets.txt)
And potentially gain access to admin endpoints like /admin/config
Let’s dive in.

🧩 What Is ICAP?
ICAP (Internet Content Adaptation Protocol) is used primarily by proxy servers (like Squid) to offload content filtering, virus scanning, or modification tasks to external services. Two main operations:
REQMOD: Modify incoming HTTP requests
RESPMO...

Mastering PowerShell Execution Policy Bypass

📋 Table of Contents
1. Introduction to PowerShell Execution Policies
2. Understanding Execution Policy Mechanisms
3. Basic Bypass Techniques
4. Advanced Bypass Methods
5. PowerShell Script Signing
6. Converting PowerShell to Executables
7. Advanced Obfuscation Techniques
8. Steganographic Delivery Systems
9. Bypassing Reputation-Based Protection
10. Practical Implementation Scenarios
11. Detection Evasion Strategies
12. Conclusion and Best Practices

🔒 Introduction to PowerShell Execution Policies
This guide is used in professional penetration testing training and aligns with MITR...

Top Cyber Threats in 2025: Tracking APT Groups Like UNC3886

A Realistic Adversary Simulation Based on Mandiant & Google Cloud's Findings
Overview | MITRE TTPs | Red Team Plan | IOCs | Detection

📌 Who is UNC3886?
UNC3886 is a suspected Chinese state-sponsored cyber espionage group uncovered by Mandiant and Google Cloud. The actor specializes in stealthy, long-term compromise of high-value network infrastructure, including:
Fortinet FortiGate firewalls (CVE-2022-41328)
Juniper JunOS routers (CVE-2025-21590)
VMware ESXi hypervisors (CVE-2023-20867)
vCenter servers and TACACS+ authentication systems
UNC3886 uses zero-day exploits, custom malware (CASTLETAP, RIFLESPINE, VIRTUALPIE), rootkits (REPTILE, MEDUSA), and dead-drop C2 to maintain persistent access while evading detection.
APT Group Espionage Zero-Day Exploitation VMware ESXi Fortinet Juniper Google Drive C2 ...

Unlock Your Corporate Laptop from Anywhere

🏢 The Digital Nomad's Dilemma: Trapped Behind the Corporate Firewall
Ever felt like your corporate laptop is a fortress, and you're stuck outside the gates? You're not alone. In today's flexible work environment, accessing your work machine from home, a coffee shop, or a co-working space is more than a convenience—it's a necessity. But corporate firewalls, designed to keep intruders out, can often feel like they're keeping you out too. What if I told you there's a way to securely and reliably access your corporate laptop from anywhere, without setting off alarm bells or leaving a trail of breadcrumbs for the IT department to follow? In this guide, we'll unlock the secrets of RDP over SSH reverse tunneling, a powerful technique that will change the way you work remotely.

🎯 The Mission: Secure, Untraceable Access
Our mission, should you choose to accept it, is to establish a secure Remote Desktop Protocol (RDP) connection to ...