Red Team operations, Active Directory security, and technical notes

Offensive security research and notes — Active Directory, Red Team tradecraft, and lab work.

All Posts
  • HackTheBox - Dog Writeup

    Credential exposure via an open Git repository leads to admin access on BackdropCMS, a web shell foothold, and ultimately root via a misconfigured sudo permission on bee.

  • HackTheBox - Administrator Writeup

    A WinRM foothold leads to a chain of AD abuse — GenericAll, ForceChangePassword, GenericWrite, Kerberoasting, and DCSync — culminating in Domain Admin after cracking a PSafe3 password manager file.

  • HackTheBox - Monitored Writeup

    SNMP leaks credentials to abuse the API, a CVE steals the admin API key, and built-in functionality delivers a reverse shell before a sudo misconfiguration leads to root.

  • HackTheBox - PermX Writeup

    CVE-2023-4226 delivers a reverse shell on a Chamilo LMS instance, credentials in a config file grant SSH access as mtz, and a symlink to /etc/sudoers abused via a sudoable setfacl script leads to root.

  • HackTheBox - Blazorized Writeup

    A forged JWT from a decompiled .NET WASM DLL exposes a SQL injection foothold, before chaining WriteSPN Kerberoasting, a malicious login script, and DCSync via Mimikatz to reach Domain Admin.

  • DamCTF24 - Writeup

    Writeups for OSINT challenges I solved while competing in DamCTF24 - Placed 27th out of 207 teams.

    CTF
  • UTCTF 2024 - Writeups

    Writeups for OSINT challenges I solved while competing in UTCTF 2024 - Placed 135th out of 854 teams.

    CTF
About

I'm Kyle. I do security research and write about it here when something feels worth documenting.