Red Team operations, Active Directory security, and technical notes
Offensive security research and notes — Active Directory, Red Team tradecraft, and lab work.
- jan 07 2025
  HackTheBox - Dog Writeup
  Credential exposure via an open Git repository leads to admin access on BackdropCMS, a web shell foothold, and ultimately root via a misconfigured sudo permission on bee.
- jan 05 2025
  HackTheBox - Administrator Writeup
  A WinRM foothold leads to a chain of AD abuse — GenericAll, ForceChangePassword, GenericWrite, Kerberoasting, and DCSync — culminating in Domain Admin after cracking a PSafe3 password manager file.
- jan 26 2024
  HackTheBox - Monitored Writeup
  SNMP leaks credentials to abuse the API, a CVE steals the admin API key, and built-in functionality delivers a reverse shell before a sudo misconfiguration leads to root.
- jan 08 2024
  HackTheBox - PermX Writeup
  CVE-2023-4226 delivers a reverse shell on a Chamilo LMS instance, credentials in a config file grant SSH access as mtz, and a symlink to /etc/sudoers abused via a sudoable setfacl script leads to root.
- jan 07 2024
  HackTheBox - Blazorized Writeup
  A forged JWT from a decompiled .NET WASM DLL exposes a SQL injection foothold, before chaining WriteSPN Kerberoasting, a malicious login script, and DCSync via Mimikatz to reach Domain Admin.
- jan 07 2024
  DamCTF24 - Writeup
  Writeups for OSINT challenges I solved while competing in DamCTF24 - Placed 27th out of 207 teams.
- jan 03 2024
  UTCTF 2024 - Writeups
  Writeups for OSINT challenges I solved while competing in UTCTF 2024 - Placed 135th out of 854 teams.