Acute is a 40-point Active Directory Windows machine on HackTheBox. I’m going to use it to show some techniques which can be useful in other scenarios and keep it short on the things that are not t...

This part will look at a Use-After-Free vulnerability in HEVD on Windows 11 x64. Vulnerability Discovery We are going to tackle this based on the source instead of the assembly again. There are 4...

In the we looked at a Stack Overflow in HEVD on Windows 11 x64, now are going to continue with a Type Confusion Vulnerability. Overview Target: HEVD OS/Arch: Windows 11 x64 Protections: ASLR, DE...

After setting up our debugging environment, we will look at HEVD for a few posts before diving into real-world scenarios. HEVD is an awesome, intentionally vulnerable driver by HackSysTeam that all...

In this series about Windows kernel exploitation, we will explore various kernel exploit techniques & targets. This topic is mainly something I studied to prepare for AWE. This short first part...

In the last post we explored how to exploit the rainbow2.exe binary from the vulnbins repository using WriteProcessMemory & the “skeleton” method. Now we are going to explore how to use Virtual...

Intro In this post I will show an example on how to bypass DEP with WriteProcessMemory. This is a bit more complicated than doing it with VirtualProtect but nonetheless an interesting technical ch...

We are solving Anubis, a 50-point windows machine on HackTheBox which involves an ASP template injection, windows containers, and stealing hashes with Responder. Later we’ll escalate privileges usi...

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python debugger. Notes Indirect SSRF <?php header("Location: http://admi...

Baby is an easy machine on Vulnlab that involves enumerating LDAP & spraying credentials. For SYSTEM we exploit SeBackup & SeRestore Privileges. The initial port scan shows the following p...