EBENEZER ADU-BITHERMAN

From null session to AS-REP roast from scratch — unauthenticated guest access → RID brute-force → parsed AD user list → LDAP preauth targeting → domain hashes harvested ​This is what weak default permissions + missing Kerberos preauth look like in the real world.

Beyond automated tools, true research demands patience. Take Wireshark—mastering packet analysis requires deep, manual filtering through network noise. Or Burp Suite—where tweaking requests and hunting logic flaws is a patient, iterative process.

Ever wondered how a network is brought to its knees? 📉 DHCP Starvation is a DoS technique where an attacker floods a server with spoofed requests to exhaust the IP pool. ​This creates a vacuum where nobody will be able to connect to the network.@elormkdaniel @RedHatPentester

@apoyusikenturk_ May be they are false positive and try exploiting it manually

@focus_furry Found sql vulnerabilities on many different websites using Zap, but its not working

Burp Suite vs. ZAP? 🛡️ Burp Suite is the gold standard for deep manual testing & OAST. ZAP is a powerhouse for automation, scripting, and CI/CD integration. The best pros use both: ZAP for the scan, Burp for the exploit. BUT I LOVE ZAP

NetHunter = limited by phone hardware & needs root. 📱❌ SSH + ngrok = full power of your rig, remotely. 💻🔥 I prefer the remote workflow for my terminal sessions —way more stable for complex tasks. Why settle for mobile limits? 🛡️ @RedHatPentester @elormkdaniel

REST makes you beg for data in multiple trips. GraphQL lets you ask for everything in one. 💚 REST: server decides what you get 🟣 GraphQL: YOU decide what you get Not hype — just the right tool for the right job.@elormkdaniel @RedHatPentester

The silent informant isn't just in your pocket; it’s sitting on your shelf. Vulnerability is the new default.

Building a CMS is easy. Securing it is the real game.The core framework rarely fails; it’s the sprawling third-party plugin ecosystem that’s a goldmine for bugs. One unpatched add-on can trigger privilege escalation or IDOR. @RedHatPentester @elormkdaniel

Ever find a ForceChangePassword edge in BloodHound? ​It's a direct path to account takeover. Use net rpc password to reset the target's credentials and gain immediate access to their shares and privileges. Always map your attack vectors and check those ACLs!

This is exactly the kind of hands-on learning cybersecurity needs. Theory only gets you so far — labs like this build real skills. 🔥

How to turn your Phone into a Hacking Machine

Burp Suite to SQLmap pipeline. 💥 Intercepting a request in DVWA and letting SQLmap do the heavy lifting to extract the database banner.@elormkdaniel @RedHatPentester

@huntnp007 @RedHatPentester @elormkdaniel Exactly

@focus_furry @RedHatPentester @elormkdaniel Pleaseeeeee tell me that Android client handles reverse shells too 😂

The setup is clean, the code is optimized, and the environment is ready for deployment.Stay safe and watch what you download! ​Passing it over to @RedHatPentester @elormkdaniel

NITA is an Agency and not an Authority. I took my time to read about them very well. What they planning to do falls under the powers of an authority. NITA is the agency responsible for implementing Ghana's IT policies. Its mandate includes identifying, promoting and developing innovative technologies. NITA plays a significant national role, its structure and mandate fit more within an implementation/coordination agency than an independent regulatory authority. It does not function as a fully independent national regulator with broad enforcement powers across the ICT sector in the same way an authority typically would. For example, a true authority often has powers to: a. independently regulate an industry, b. issue mandatory licenses, c. enforce compliance, d. impose sanctions or penalties, e. conduct formal investigations, f. operate with stronger statutory independence. This doesn’t fall into the powers of NITA but then they want to execute it. If laws work very well, NITA sef won’t get away. So the question is; why does an agency want to execute the powers of an authority and who is backing them do this? Charley we are tired😂😂.

Easy... @RedHatPentester

Not sure what Cyber Security includes: This one image explains all

Are you aware ECG was attacked with ransomware few years ago? The ransomware incident involving ECG a few years ago served as a critical wake-up call, highlighting the need to strengthen the national cybersecurity ecosystem. However, the organization responsible for handling the response did not release a public report detailing the incident. And also after rectifying the issue everybody go bed😂 While confidentiality agreements and operational sensitivities may limit disclosure, a basic level of transparency could have helped improve public awareness and trust. We have long way to go🤦🏾‍♂️🤦🏾‍♂️

SINDEL: SINDEL Shadow Intelligence Network & Data Extraction Laboratory Years ago, an IDOR vulnerability earned me my 3rd major bug bounty. Last year, I built an entire lab around it. SINDEL focuses exclusively on Insecure Direct Object Reference (IDOR) vulnerabilities, covering all 10 recognised IDOR attack categories across 18 unique endpoints. All 18 flags were captured across every difficulty level. The most advanced challenges involve hashed identifier IDORs and token-based IDORs, requiring deeper knowledge of cryptographic weaknesses and enumeration techniques beyond simple ID incrementing. Link: github.com/RedHatPenteste…