Active Directory delegation is one of those features that every Windows admin uses but few audit properly. It is also a common source of privilege escalation paths. The Problem When an administrator delegates permissions in AD, those permissions are stored as Access Control Entries on the target objects. Over time,
Nmap is the standard tool for network discovery and security auditing. Whether you are mapping a small home lab or scanning a class B network, the same core commands apply. This nmap cheat sheet is a structured reference covering the commands and options I use most frequently, organized by task
The Nmap Scripting Engine has matured significantly. Version 4.50 added dozens of new scripts and the framework is now stable enough for enterprise use. Why NSE Over Standalone Tools Before NSE, enterprise scanning meant running Nmap for discovery, then piping results to Nessus. NSE lets you combine discovery and
OS fingerprinting has been a fundamental reconnaissance technique since the mid-1990s. Nmap, p0f, and xprobe2 all approach the problem differently, but they share a common challenge: the fingerprint databases are not keeping up with the operating systems they need to identify. I spent last week testing the latest versions of
I have been looking at how vendors classify vulnerability severity and I keep finding discrepancies between what the vendor says and what the CVSS score suggests. Take the most recent batch of Microsoft patches. Two of the vulnerabilities rated as Important by Microsoft score above 8.0 on the CVSS