Objective The Volnaya Emergency Broadcast System (EBS) is a critical platform for disseminating urgent public communications. The public-facing portal has been identified, but access is restricted...

Objetive The Volnaya Forums stand as a sprawling network where citizens compete to outdo each other in public displays of loyalty. Every post and reply is carefully monitored, and the most zealou...

Objective The goal is to infiltrate Volnaya’s cloud-based Industrial Control System (ICS) monitoring network, locate sensitive data, and enable the Task Force to assume control of their core syst...

Chemistry is an easy difficulty machine on HackTheBox that takes you through a series of steps involving network enumeration, web application testing, and privilege escalation. The challenge provid...

Path Hijacking is a technique where an attacker manipulates the $PATH environment variable to run malicious code by placing a malicious binary in a directory that is searched before the legitimate ...

Backfield is a Windows machine that involves exploiting Active Directory misconfigurations, performing AS-REP roasting to crack user passwords, and leveraging Backup Operators privileges. The attac...

Escape is a medium-difficulty Windows AD machine. It begins with an SMB share exposing a sensitive file containing credentials. Using these credentials, an attacker can gain access to the machine a...

Trickster is a medium-difficulty machine on the HackTheBox platform. This machine primarily focuses on web exploitation, leveraging techniques such as SSTI (Server-Side Template Injection) and XSS ...

This document is a work-in-progress where I’m compiling a variety of techniques for enumerating and exploiting Active Directory environments. It will be updated over time with additional steps and ...

Cascade is a medium difficulty Windows machine acting as a Domain Controller. Through enumeration and exploiting certain Active Directory features, we discover a series of credentials leading to es...