About Me
Michał Szałkowski
Senior Software Engineer
Security Something Something

Software Developer with experience in backend technologies such as JEE and Spring, and frontend technologies such as Angular. Free time spent learning and testing new things and blogging about them. Enthusiast of Unit Testing (TDD) and Clean Code. Penetration Tester / Ethical Hacker.

  • / Java / Spring / Bash / Python /
  • / AWS / K8S /
  • / Web Security / Cloud Security / Penetration Testing /
Security

Bruteforce

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

Security

Web Enumeration

Web enumeration, also known as web scraping or web crawling, is the process of automatically gathering information from the internet. This process involves using software tools to access and extract data from websites or online sources.

Security

Port Enumeration

Port enumeration, also known as port scanning, is the process of scanning a computer or network to identify open ports and services running on those ports. By scanning a computer or network for open ports, an attacker can gain valuable information about the services running on the target system and potentially identify vulnerabilities that can be exploited to gain unauthorized access.

Security

Pivoting, tunneling and port forwarding

Pivoting, tunneling, and port forwarding are concepts commonly used in networking and cybersecurity to establish communication channels or access resources between different networks or systems securely. They are often used in scenarios where direct connectivity is restricted or where security measures need to be taken into consideration.

Security

Man-in-the-Middle attack

A Man-in-the-Middle (MitM) attack is a type of cybersecurity attack where an attacker intercepts or inserts themselves into the communication between two parties without their knowledge. In this attack, the attacker positions themselves between the sender and the receiver and can potentially eavesdrop on, alter, or manipulate the communication. This can lead to a breach of confidentiality, integrity, and authenticity of the data being exchanged.

Cloud

Kubernetes

Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.

Security

Kerberoasting

Kerberoasting is a technique used in cybersecurity attacks that targets the weakness in the way some organizations implement the Kerberos authentication protocol.

Security

ASREPRoasting

What is AS-REP Roasting? AS-REP Roasting is a technique that enables adversaries to steal the password hashes of user accounts that have Kerberos preauthentication disabled, which they can then attempt to crack offline.

Security

Pass the hash

"Pass the hash" is a type of cybersecurity attack that targets the authentication protocols used in Windows-based systems. This attack involves the attacker obtaining and using the hashed password of a user without actually needing to know the user's plaintext password.

Security

Pass the Ticket

A "Pass the Ticket" attack is a type of cyber attack that targets the Kerberos authentication protocol, commonly used in Microsoft Windows environments. This attack is part of a broader category of attacks known as "Kerberoasting" attacks, which exploit weaknesses in the way Kerberos tickets are issued and used within an Active Directory environment.