snovvcrash

Mastering Kerberos: Capturing Active Directory on a HackTheBox Virtual Machine

Date: 22/07/2025

In this article, I will demonstrate how to go from zero to a fully-fledged Active Directory domain controller administrator, with the help of one of the virtual machines available for hacking on the CTF platform HackTheBox. While it may not be the most challenging machine, mastering AD skills is crucial if you’re planning to pentest corporate networks.

Read full article →

Dumping at nanolevel. How I reinvented SafetyKatz to dump LSASS with NanoDump

Date: 13/06/2025

Author: snovvcrash

This article discusses the covert use of the NanoDump utility from memory (i.e. the simulated attacker doesn’t have a C&C ‘beacon’ on the attacked network node) and compares such an application of NanoDump with the use of SafetyKatz.

Read full article →

Serpent pyramid. Run malware from the EDR blind spots!

Date: 04/04/2023

Author: snovvcrash

In this article, I’ll show how to modify a standalone Python interpreter so that you can load malicious dependencies directly into memory using the Pyramid tool (not to be confused with the web framework of the same name). Potentially, this enables you to evade antivirus protection in pentesting studies and conceal a suspicious telemetry source from EDR in the course of Red Team operations.

Read full article →

Poisonous spuds. Privilege escalation in AD with RemotePotato0

Date: 26/03/2023

Author: snovvcrash

This article discusses different variations of the NTLM Relay cross-protocol attack delivered using the RemotePotato0 exploit. In addition, you will learn how to hide the signature of an executable file from static analysis.

Read full article →

Challenge the Keemaker! How to bypass antiviruses and inject shellcode into KeePass memory

Date: 03/06/2022

Author: snovvcrash

Recently, I was involved with a challenging pentesting project. Using the KeeThief utility from GhostPack, I tried to extract the master password for the open-source KeePass database from the process memory. Too bad, EDR was monitoring the system and prevented me from doing this: after all, KeeThief injects shellcode into a remote process in a classical oldie-goodie way, and in 2022, such actions have no chance to go unnoticed.

Read full article →

Stratosphere flight. How to crack Struts using an Action app and create a Forward Shell

Date: 19/10/2020

Author: snovvcrash

Today, I will show how to conquer the stratosphere – i.e. gain root access on the Stratosphere VM available on Hack The Box CTF grounds. To capture the root flag, I will have to overcome the Apache Struts framework to get an RCE vulnerability in a web app, put to practice the rarely used (but still very useful) Forward Shell remote session concept, highjack a library, and find a way to exploit the eval() function in a treacherous Python script.

Read full article →

The PWN realm. Modern techniques for stack overflow exploitation

Date: 19/10/2020

Author: snovvcrash

The buffer overflow vulnerability is an extremely popular topic on hackers’ forums. In this article, I will provide a universal and practically-oriented ‘introduction’ for enthusiasts studying the basics of low-level exploitation. Using stack overflow as an example, I will address a broad range of topics: from security mechanisms currently used by the GCC compiler to specific features of binary stack overflow exploits.

Read full article →