Puppet is a medium-difficulty chain on Vulnlab in which you are using the sliver c2 framework to compromise a small ad environment. You start with an already existing beacon on file server, escalat...

Cicada is a medium-difficulty machine on Vulnlab that involves exploiting ESC8 via Kerberos relaying in order to bypass self-relay restrictions. Enumeration Port scan: Nmap scan report for 10.10...

Lustrous2 is a hardened AD Environment on Vulnlab that involves dealing with LDAP signing, channel binding and disabled NTLM authentication. We’ll impersonate a protected user against a web applica...

This video is a short overview on what you can do with WinSSH and how to use it. It essentially acts like a reverse shell with (dynamic-) port forwarding & file up- and download features that i...

Intercept is a chain of vulnerable machines on Vulnlab and involves stealing hashes with lnk files, a RBCD-Workstation takeover, exploiting GenericALL on OUs & finally attacking ADCS using ESC7...

I’m linking the playlists for both labs here to avoid single posts for every video. Check out https://vulnlab.com if you want to try them out! Shinra Wutai

This is part four of the Shinra series. We will get to access to a linux server via ssh, exploit a small authenticator app & use ansible to move to the next box.

This is the third video of the Shinra series. We will get a shell on Ashleighs machine & escalate privileges. Topics Phishing: Payload design & getting a shell Sliver Basics Host...

This is the second video of the Shinra series. Before setting foot onto any of the network’s internal machines, we are going to spend a bit of time enumerating various things from our machine. S...

This is a short writeup on the “NonHeavyFTP” challenge from Real World CTF 2023. This was one of the easier challenges with the goal of exploiting LightFTP in Version 2.2 (the latest one on github ...