• A Quick Shot into Active Directory Attacks

  30 May 2021

  This blog is no meant to be a complete description about all the attacks showed, but a quick look into the common attacks in Active Directory environments and how to prevent them, if you want to get a deep understanding about the vulnerabilities please check the links at the end...

  Active Directory    AS-REP Roasting    Kerberoasting    DCSync    mimikatz    Rubeus    Golden Ticket    Silver Ticket   

• Ready Writeup [HTB]

  15 May 2021

  Ready is a Linux based machine that was active since December 12th of 2020 to May 15th of 2021, on this machine we will exploit two vulnerabilities on Gitlab that chained together will allow us to get command execution on the machine, looking at the configuration files we will find...

  HackTheBox    Docker    Gitlab   

• A Review on PentesterAcademy Suscription

  12 May 2021

  When we talk about Pentester Academy we usually think about its Red Team Labs, which according to some people are one of the closest labs to real environments together with Rastalabs RTO, but what about its suscription?, its been there for a long time, some people recomend some of the...

• Laboratory Writeup [HTB]

  17 Apr 2021

  Laboratory is an easy rated Linux based machine that was active since November 14th of 2020 to April 17th of 2021, on this machine we will get access to the machine through a vulnerability on an old version of gitlab, reset the password of a gitlab user though gitlab-rails console,...

  HackTheBox    gitlab   

• Time Writeup [HTB]

  03 Apr 2021

  Time is a Linux based machine that was active since October 24th of 2020 to April 4th of 2021, on this machine we will exploit a vulnerability on Java jackson to get SSRF and ultimate RCE, then we will see that a script that we own is ran by root...

  HackTheBox    Java deserealization