Category: Infrastructure

Changing default security descriptor properties to escalate from a child to parent domain.

Exploiting common Tomcat vulnerabilities.

Compromising MSSQL databases, and escalating privileges.

Extracting gMSA service accounts from child domains.

Modifying SID History values to compromise parent domains.

Extracting domain controller credentials using the Backup Operators group.

Using Microsoft AD Explorer to collect Active Directory attack path information.

Exploiting misconfigured Active Directory access control lists.

Extracting credentials from Azure Entra Connect.

Persuading Windows hosts to provide machine account credentials.

Testing IPv6 security.

Intercepting multi factor authentication credentials using an Nginx reverse proxy.

Sending Phishing emails to capture login credentials.

Using Terraform to deploy testing infrastructure & auditing Terraform configuration files.

Ways of gaining access to WPA-PSK networks.

Getting started with Cobalt Strike.

Exploiting constrained, unconstrained and resource based delegation.

Pentesting the Modbus protocol.