Entra ID Connect

Extracting credentials from Azure Entra Connect.

Password Filters

Using password filters to intercept logon credentials.

Coerced Authentication

Persuading Windows hosts to provide machine account credentials.

LD_PRELOAD Exploitation

Using LD_PRELOAD for dynamic function hooking and privilege escalation.

IPv6 Penetration Testing

Testing IPv6 security.

Bypassing Multi Factor Authentication

Intercepting multi factor authentication credentials using an Nginx reverse proxy.


Sending Phishing emails to capture login credentials.


Using Terraform to deploy testing infrastructure & auditing Terraform configuration files.

Keystroke Logging

Logging Keystrokes with SetWindowHookEx.

Process Mitigation Policies & ACG

Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.

Parent Process ID Spoofing

Supplying arbitrary PPID values to CreateProcess.

File Upload Vulnerabilities

Exploiting file upload vulnerabilities to execute arbitrary code.

SQL Injection

SQL Injection for MySQL databases.

XML External Entity Injection (XXE)

Exploiting XML parsers.

Web Content Discovery

Identifying web content to launch further attacks.

Cross Site Scripting (XSS)

Injecting malicious code into web applications.

Shellcode Obfuscation

Encoding Shellcode for use within malware.

Hack The Box Certified Bug Bounty Hunter (HTB CBBH)

A review of the CBBH course and exam.