In this article, I will demonstrate how to progress from a beginner to a fully functional Active Directory domain controller administrator. We'll use a virtual machine available for hacking on the HackTheBox CTF platform as our guide.…
Author: snovvcrash
Dumping at nanolevel. How I reinvented SafetyKatz to dump LSASS…
This article discusses the covert use of the NanoDump utility from memory (i.e. the simulated attacker doesn't have a C&C 'beacon' on the attacked network node) and compares such an application of NanoDump with the use of SafetyKatz.
Serpent pyramid. Run malware from the EDR blind spots!
In this article, I’ll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid tool (not to be confused with the web framework of the same name). Potentially, this enables you to evade…
Poisonous spuds. Privilege escalation in AD with RemotePotato0
This article discusses different variations of the NTLM Relay cross-protocol attack delivered using the RemotePotato0 exploit. In addition, you will learn how to hide the signature of an executable file from static analysis.
Challenge the Keemaker! How to bypass antiviruses and inject shellcode…
Recently, I was involved with a challenging pentesting project. Using the KeeThief utility from GhostPack, I tried to extract the master password for the open-source KeePass database from the process memory. Too bad, EDR was monitoring the system and prevented me from doing this: after…
Stratosphere flight. How to crack Struts using an Action app…
Today, I will show how to conquer the stratosphere - i.e. gain root access on the Stratosphere VM available on [Hack The Box](https://www.hackthebox.eu/) CTF grounds. To capture the root flag, I will have to overcome the Apache…
The PWN realm. Modern techniques for stack overflow exploitation
The buffer overflow vulnerability is an extremely popular topic on hackers' forums. In this article, I will provide a universal and practically-oriented 'introduction' for enthusiasts studying the basics of low-level exploitation. Using stack overflow as an example,…
Compressed Token Format (CTF). One-time passwords, LDAP injections, and tricks…
Today, I will explain how to hack the CTF virtual machine available on [Hack The Box](https://www.hackthebox.eu/) training grounds. For the purposes of this article, the abbreviation "CTF" refers to Compressed Token Format, not Capture the Flag. This…
Diabolically reddish pentest. Building tunneling chains through docker containers on…
How to seize control over a host located in a different subnetwork? The right answer is: build numerous intricate tunnels. This article addresses tunneling techniques and their application in pentesting using as an example Reddish, a hardcore…
The great mischief. Working your way to the root flag…
In this article, I will explain how to gain superuser privileges on Mischief VM available on [Hack The Box](https://www.hackthebox.eu/) training grounds. During this journey, you will acquire some SNMP skills, understand the IPv6 routing principles, and learn…
Where to study pentesting? An overview of training grounds for…
Today, I will give a brief overview of some of the best pentesting portals recognized by security experts. These training grounds enable ethical hackers to polish their skills while preserving 'ethicality' and exploit newly-discovered vulnerabilities while staying…
Epic pivoting. Polishing traffic routing skills on HackTheBox virtual machines
A good knowledge of pivoting (a technique used to route traffic to the victim and back through interim hosts) is essential for any ethical hacker. Furthermore, this skill is absolutely mandatory for corporate network pentesting. In this…
The taming of Kerberos. Seizing control over Active Directory on…
In this article, I am going to show how to escalate from an unprivileged user to the administrator of the Active Directory domain controller. The demonstration will be performed on a virtual PC available for hacking on…