This video is a short overview on what you can do with WinSSH and how to use it. It essentially acts like a reverse shell with (dynamic-) port forwarding & file up- and download features that is only using trusted windows binaries.
Intercept is a chain of vulnerable machines on Vulnlab and involves stealing hashes with lnk files, a RBCD-Workstation takeover, exploiting GenericALL on OUs & finally attacking ADCS using ESC7.
This is the third video of the Shinra series. We will get a shell on Ashleighs machine & escalate privileges.
This is the second video of the Shinra series. Before setting foot onto any of the network's internal machines, we are going to spend a bit of time enumerating various things from our machine
In this blog post, we will solve the Windows userland challenge that Blue Frost Security published for Ekoparty 2022.
In this post, we will develop an exploit for the HW driver. I picked this one because I looked for some real-life target to practice on and saw a post by Avast that mentioned vulnerabilities in an old version of this driver (Version 4.8.2 from 2015), that was used as...
Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from file inclusion to RCE and in this case getting the SeImpersonate privilege back to get SYSTEM via an EFS-based potato.
Video & additional notes for Resourced, an intermediate difficulty Windows machine on PG-Practice that involves password spraying and an RBCD attack.
Acute is a 40-point Active Directory Windows machine on HackTheBox. I'm going to use it to show some techniques which can be useful in other scenarios and keep it short on the things that are not that important.
This part will look at a Use-After-Free vulnerability in HEVD on Windows 11 x64.
