Odori is a medium-difficulty machine on Vulnlab that involves gaining access to a Bitlocker encrypted disk image, in order to retrieve DPAPI protected credentials. Furthermore we will use SFTP to b...

Barrier is a medium-difficulty machine on Vulnlab that plays around the concept of Single-Sign-On (SSO). Foothold As always, we scan for open ports: PORT STATE SERVICE 22/tcp open ssh 80/...

This video is a walkthrough on Mythical, a medium-difficulty AD chain on Vulnlab that is all about engaging AD environments with the Mythic C2 framework. Notes These are some additional notes t...

Redelegate is a hard-rated Windows machine by Geiseric on Vulnlab. The core concepts here are password spraying, enumerating domain users via MSSQL and diving deeper into kerberos delegation. Enum...

Puppet is a medium-difficulty chain on Vulnlab in which you are using the sliver c2 framework to compromise a small ad environment. You start with an already existing beacon on file server, escalat...

Cicada is a medium-difficulty machine on Vulnlab that involves exploiting ESC8 via Kerberos relaying in order to bypass self-relay restrictions. Enumeration Port scan: Nmap scan report for 10.10...

Lustrous2 is a hardened AD Environment on Vulnlab that involves dealing with LDAP signing, channel binding and disabled NTLM authentication. We’ll impersonate a protected user against a web applica...

This video is a short overview on what you can do with WinSSH and how to use it. It essentially acts like a reverse shell with (dynamic-) port forwarding & file up- and download features that i...

Intercept is a chain of vulnerable machines on Vulnlab and involves stealing hashes with lnk files, a RBCD-Workstation takeover, exploiting GenericALL on OUs & finally attacking ADCS using ESC7...

I’m linking the playlists for both labs here to avoid single posts for every video. Check out https://vulnlab.com if you want to try them out! Shinra Wutai