Active Directory Schema Modification

Changing default security descriptor properties to escalate from a child to parent domain.

Exploiting Tomcat

Exploiting common Tomcat vulnerabilities.

Attacking MSSQL

Compromising MSSQL databases, and escalating privileges.

Golden gMSA Attacks

Extracting gMSA service accounts from child domains.

SID History Abuse

Modifying SID History values to compromise parent domains.

Backup Operator Privilege Escalation

Extracting domain controller credentials using the Backup Operators group.

Active Directory Explorer

Using Microsoft AD Explorer to collect Active Directory attack path information.

Active Directory DACL Attacks

Exploiting misconfigured Active Directory access control lists.

Entra ID Connect

Extracting credentials from Azure Entra Connect.

Coerced Authentication

Persuading Windows hosts to provide machine account credentials.

IPv6 Penetration Testing

Testing IPv6 security.

Bypassing Multi Factor Authentication

Intercepting multi factor authentication credentials using an Nginx reverse proxy.


Sending Phishing emails to capture login credentials.


Using Terraform to deploy testing infrastructure & auditing Terraform configuration files.

802.11 Wireless Attacks

Ways of gaining access to WPA-PSK networks.

Cobalt Strike

Getting started with Cobalt Strike.

Kerberos Delegation Attacks

Exploiting constrained, unconstrained and resource based delegation.

Modbus Security

Pentesting the Modbus protocol.