/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

blog.ikuamike.io
| | 0xdf.gitlab.io
1.6 parsecs away

Travel
| | One of the neat things about HTB is that it exposes Windows concepts unlike any CTF I'd come across before it. Forest is a great example of that. It is a domain controller that allows me to enumerate users over RPC, attack Kerberos with AS-REP Roasting, and use Win-RM to get a shell. Then I can take advantage of the permissions and accesses of that user to get DCSycn capabilities, allowing me to dump hashes for the administrator user and get a shell as the admin. In Beyond Root, I'll look at what DCSync looks like on the wire, and look at the automated task cleaning up permissions.
| | www.securitynik.com
4.5 parsecs away

Travel
| | Leveraging the AlwaysInstallElevated policy, allows an administrator to install a Windows installer package with system level privileges. Th...
| | www.justus.pw
1.4 parsecs away

Travel
| | [AI summary] The user successfully gained access to a system by exploiting a Heartbleed vulnerability, decrypted an RSA key using a password obtained from memory, and then used that key to log in as the 'hype' user. After enumerating the system, they accessed a Tmux session to gain root access and retrieved the root flag.
| | ifin-intel.org
20.8 parsecs away

Travel
| A not-for-profit organization dedicated to the teaching of best practices in cyber threat intelligence, and the mutual sharing of timely, actionable, and relevant intelligence among the community.