Additional notes for Resourced, an intermediate difficulty Windows machine on PG-Practice that involves password spraying and an RBCD attack. Notes RBCD via WinRM & StandIn # Upload upload...

Acute is a 40-point Active Directory Windows machine on HackTheBox. I’m going to use it to show some techniques which can be useful in other scenarios and keep it short on the things that are not t...

This part will look at a Use-After-Free vulnerability in HEVD on Windows 11 x64. Vulnerability Discovery We are going to tackle this based on the source instead of the assembly again. There are 4...

In the we looked at a Stack Overflow in HEVD on Windows 11 x64, now are going to continue with a Type Confusion Vulnerability. Overview Target: HEVD OS/Arch: Windows 11 x64 Protections: ASLR, DE...

After setting up our debugging environment, we will look at HEVD for a few posts before diving into real-world scenarios. HEVD is an awesome, intentionally vulnerable driver by HackSysTeam that all...

In this series about Windows kernel exploitation, we will explore various kernel exploit techniques & targets. This topic is mainly something I studied to prepare for AWE. This short first part...

In the last post we explored how to exploit the rainbow2.exe binary from the vulnbins repository using WriteProcessMemory & the “skeleton” method. Now we are going to explore how to use Virtual...

Intro In this post I will show an example on how to bypass DEP with WriteProcessMemory. This is a bit more complicated than doing it with VirtualProtect but nonetheless an interesting technical ch...

We are solving Anubis, a 50-point windows machine on HackTheBox which involves an ASP template injection, windows containers, and stealing hashes with Responder. Later we’ll escalate privileges usi...

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python debugger. Notes Indirect SSRF <?php header("Location: http://admi...