// RECENT_INTERCEPTS

Don't Kill my Demon - Havoc for Adversary
Shellcode and Multiple Agents: Combined with Cobalt Strike Malleable C2 Profile. Less popular compared to others, but that’s Havoc. "I respec

HTB Rebound - Windows (Insane)
Begin with AS-REP Roast to TGS no-auth roasting, discover change/reset passwords group to service user. PrivEsc with cross-session relay att

HTB Cicada - Windows (Easy)
Beginner AD machine set. Start with RID brute-forcing and get passwd from SMB shares. Escalating DC users with password leakage 3 times. Pri

HTB Forest - Windows (Easy)
Enumerate DC users with *blank credentials and find that one of the accounts is vulnerable to AS-REP roasting, mapping DC with BloodHound to set our accou

HTB Love - Windows (Easy)
Nmap fingerprinting finds 2 chained HTTP services; discover an SSRF vulnerability leading to credentials and get initial access with a File Upload vulnerabili

Red Teaming Python-based Application with SSTI - Part 4
Server-Side Template Injection (SSTI) with evasion on a Python (Flask and Jinja2) based application, WhiteBox pentesting scenario. SSTI Exerci

WhiteBox Web Application Pentesting - Part 1
Practices for PHP Web application Pentesting (OS Command Injection) in WhiteBox scenario, getting the goods after source-code review. Web Ap

Getting React2Shell Vulns Under 1 Minute
Practical script for React2Shell vulnerability, covering CVE-2025-55182 and CVE-2025-66478 fastest interaction. For an overview, I already c

HTB WhiteRabbit - Linux (Insane)
Enumerate 5+ HTTP to attack, find SQL Injection to restore Key inside GTFObin, PrivEsc with attacking insecure AES and Restic, then lateral

Kerberos Attack made Easy - AS-REP and TGS-REP
Collect Users from RID identification number to discover one of them leading to Kerberos pre-auth failing to AS-REP roast, then escalate wit

HTB Pollution - Linux (Hard)
XXE on vuln API end-point leading to LFI to fetch credentials for another WebApp for initial access RCE through filter Injection. Pivot in M

HTB Response - Linux (Insane)
Phishing Admin and other Users through WebApp to gain access and PrivEsc in Docker container, elevate to FTP Access for User box. PrivEsc wi

PEN-200 Practices - Active Directory Part 09
Craft Windows Username format via Web enumeration, elevate with AS-REP roasting to WinRM session login. PrivEsc with abusing group members o

PEN-200 Practices - Stand-alone (Windows) Part 08
Elevate your initial foot-hold around WebApp and SMB shares, gain machine initial access through reverse shell as User. PrivEsc with winPEAS

HTB Editor - Linux (Easy)
Enumerate 2 HTTP services on port 80 and 8080. Find one based on XWiki Debian vulnerable to CVE-2024-24893. Elevate to User with credentials

PEN-200 Practices - Active Directory Part 07
Active Directory (full-case) Kerberos-based attack for PEN-200 practices. Active Directory On this another internal PenTesting practices, th

PEN-200 Practices - Active Directory Part 06
Exploiting ADCS with category of ESC1 with escalation of CVE-2022-26923, adding a host for exploiting UPNs and SAN insecure unique DNS signa

HTB Era - Linux (Medium)
Discover 2 chained HTTP services that are vulnerable to IDOR, leading to OpenBSD hash leak and genKey with FTP creds, perform IDOR with SSRF leading to Users

PEN-200 Practices - Active Directory Part 05
Enumerating DC service ports and discover vulnerability through Windows version and NMAP Vuln script. Windows execution through Metasploit C

HTB Reaper - DFIR (Very Easy)
Investigate NTLM Relay attack, the attack starts by network poisoning on LLMNR response when a victim has a typo in the host in shares path.
