Pentesting on Amit Agarwal Linux Blog

Abusing Active Directory Certificate Services with Certipy: From Initial Access to Beyond Root

Tue, 30 Dec 2025 00:00:00 +0530

This post covers an alternative attack path in an Active Directory lab using AD CS misconfigurations. It walks through Certipy-based enumeration, certificate abuse, domain escalation, and advanced post-compromise recon beyond Domain Admin.

Building and Breaking a Vulnerable Active Directory Lab: Full Exploitation Walkthrough

Mon, 29 Dec 2025 00:00:00 +0530

This post shows how to build a vulnerable Active Directory lab and then exploit it step by step, with real commands, real attack paths, and real lessons.

Mobile_App_Mindmap

Thu, 28 Aug 2025 00:00:00 +0530

How Vim Can Make a Hacker’s Life Easier with Macros and Registers

Sun, 09 Mar 2025 00:00:00 +0530

How Vim Can Make a Hacker’s Life Easier with Macros and Registers

Why Every Hacker Should Master Vim Macros and Registers

If you’re deep into hacking, pentesting, or security research, you know that automation is key. Repetitive tasks like manipulating payloads, encoding/decoding strings, or tweaking shell scripts can become tedious. Enter Vim macros and registers! These powerful features let you record and replay keystrokes, making your workflow insanely efficient.

No that I dont use IDE’s the likes of Visual Studio code (sometimes I do). However they can never match the raw power of vi/vim/nvim or any of the vim family of editors. To reap the maximum benefit, you have to learn the basics of using the editor in normal mode ( which is by the not the editing mode).

Using Burp with Containers In Docker

Sat, 08 Feb 2025 00:00:00 +0530

Making Docker Containers Trust Burp Suite’s CA for Testing

When testing applications running inside Docker containers, intercepting traffic with Burp Suite can be challenging because containers don’t automatically trust Burp’s CA certificate. Without trust, HTTPS requests from inside the container will fail with certificate errors.

In this post, I’ll show you how to:

Add Burp Suite’s CA to your host system
Pass the trusted CA to Docker containers
Ensure seamless HTTPS traffic interception for testing

Let’s get started!

Cyborg Room Walkthrough

Sun, 17 Nov 2024 00:00:00 +0530

Room Overview

Room URL: Cyborg

Room IP: 10.10.79.217 - This will be different for you.

Recon

We begin our reconnaissance phase by scanning the target using Nmap. This helps us identify the open ports and services running on the machine.

Starting Nmap 7.60 ( https://nmap.org ) at 2024-10-28 16:28 GMT
Nmap scan report for ip-10-10-79-217.eu-west-1.compute.internal (10.10.79.217)
Host is up (0.018s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 db:b2:70:f3:07:ac:32:00:3f:81:b8:d0:3a:89:f3:65 (RSA)
|   256 68:e6:85:2f:69:65:5b:e7:c6:31:2c:8e:41:67:d7:ba (ECDSA)
|_  256 56:2c:79:92:ca:23:c3:91:49:35:fa:dd:69:7c:ca:ab (EdDSA)
80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
MAC Address: 02:1F:A9:A5:69:89 (Unknown)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap done: 1 IP address (1 host up) scanned in 8.96 seconds

Web Enumeration

Next, we perform directory enumeration using Gobuster to find hidden directories on the web server.

Preparation and Review of eMAPT (INE security FKA eLearnSecurity Mobile Application Penetration Tester

Fri, 05 Apr 2024 00:00:00 +0530

I started thinking about Mobile pentesting sometime back. Finally in Feb/2024, I paid for the yearly subscription for INE and added eMAPT to my cart. If you dont know about eMAPT cert, then head over to eMAPT certification. And as per their home page

The Mobile Application Penetration Tester (eMAPT) certification is issued to cyber security experts that display advanced mobile application security knowledge through a scenario-based exam.

And on Apr/05/2024, I got My Certificate.