Chemistry is an easy difficulty machine on HackTheBox that takes you through a series of steps involving network enumeration, web application testing, and privilege escalation. The challenge provid...

Path Hijacking is a technique where an attacker manipulates the $PATH environment variable to run malicious code by placing a malicious binary in a directory that is searched before the legitimate ...

Backfield is a Windows machine that involves exploiting Active Directory misconfigurations, performing AS-REP roasting to crack user passwords, and leveraging Backup Operators privileges. The attac...

Escape is a medium-difficulty Windows AD machine. It begins with an SMB share exposing a sensitive file containing credentials. Using these credentials, an attacker can gain access to the machine a...

Trickster is a medium-difficulty machine on the HackTheBox platform. This machine primarily focuses on web exploitation, leveraging techniques such as SSTI (Server-Side Template Injection) and XSS ...

This document is a work-in-progress where I’m compiling a variety of techniques for enumerating and exploiting Active Directory environments. It will be updated over time with additional steps and ...

Cascade is a medium difficulty Windows machine acting as a Domain Controller. Through enumeration and exploiting certain Active Directory features, we discover a series of credentials leading to es...

Resolute is a medium-difficulty machine on Hack The Box that focuses on enumeration, privilege escalation, and exploiting misconfigurations in services and group memberships. The machine provides a...

Sauna is an easy-level machine that challenges you to perform internal network penetration testing within an Active Directory environment. It involves techniques such as website OSINT for gathering...

This document is a work-in-progress where I’m compiling a variety of common web vulnerabilities and exploitation techniques. It will be updated over time with additional insights and methodologies ...