Blog
HTB - Garfield
Writeup for Garfield, a Hard Windows AD box from HackTheBox Season 10
HTB - DevArea
Writeup for DevArea, a Medium Linux box from HackTheBox Season 10
HTB - Kobold
Writeup for Kobold, an Easy Linux box from HackTheBox Season 10
AD Cheatsheet: Enumeration & Fundamentals
Active Directory enumeration techniques for penetration testers - DNS, SMB, LDAP, RPC, and initial domain reconnaissance
AD Cheatsheet: Kerberos Attacks
Complete guide to Kerberos-based attacks - Kerberoasting, AS-REP Roasting, Golden/Silver Tickets, Pass-the-Ticket, and Delegation abuse
AD Cheatsheet: ADCS & Certificate Attacks
Active Directory Certificate Services exploitation - ESC1 through ESC16, Certifried, enumeration and attack chains
AD Cheatsheet: ACE Abuse & Lateral Movement
Active Directory ACL exploitation, DPAPI secrets, credential dumping, Shadow Credentials, and remote access techniques
AD Cheatsheet: NTLM Relay Attacks
Complete NTLM relay guide - poisoning, coercion, SMB/LDAP/ADCS relay, and cross-protocol exploitation
AD Cheatsheet: Trust Exploitation
Active Directory trust attacks - intra-forest and cross-forest exploitation, ExtraSids, SID History, PAM Trust abuse
AD Cheatsheet: MSSQL, Exchange & SCCM
Exploiting enterprise services in Active Directory - MSSQL lateral movement, Exchange phishing, and SCCM takeover
AD Cheatsheet: BloodyAD & Advanced Tooling
BloodyAD command reference and advanced Active Directory tooling for penetration testers
HTB - TombWatcher
4 seasonal box from hackthebox
Portswigger - Blind SQL injection with conditional errors
Advanced blind SQL injection challenge using conditional error-based techniques to extract sensitive data
PicoCTF - Mini RSA
Mini RSA is a crypto CTF Challenge from PicoCTF involving small public exponent attacks on RSA encryption
Rop Emporium - Ret2Win
Introduction to Return Oriented Programming (ROP) through a beginner-friendly buffer overflow challenge
