Microsoft SQL server Microsoft SQL Server is a relational database management system (RDBMS) developed by Microsoft, designed to manage and organize data in a structured way using tables that ar...

NTLM Relay NTLM Relay is a man-in-the-middle (MITM) attack against the NTLM authentication protocol. When an NTLM authentication occurs between two machines (a client and a server), an attacker...

AD Computers Active Directory Domain Services (AD DS) manages users, computers, and data, allowing administrators to organize resources into logical hierarchies and centralize access control. Ke...

ESC1 Attack An ESC1 attack is a privilege escalation technique that exploits misconfigured certificate templates within Microsoft Active Directory Certificate Services (AD CS) to gain unauthori...

Linux Hunt Show I create some short cuts to find the Important thinks in the linux system. Intersting Files /etc/passwd —> store Usersname of the box. /etc/shadow —> store the Password has...

Rustykey HTB Walkthrough for the Rustykey machine (Active Directory). Edited by 0xmr. Machine Information You start the Rustykey box with credentials for the following account: Username:...

Decode the Binary passwords (.xml) PSCredential XML Decryption is the process of extracting and converting securely stored credentials from serialized PowerShell objects in XML format back to pl...

Reverse Shells in .NET Applications .NET is commonly used for Windows-compatible web applications (e.g., .aspx pages). Important: If you’re new to this attack flow, spin up a practice machine ...

DpApi attack DPAPI is Windows’ built-in encryption system that protects things like saved passwords and Wi-Fi keys. Attackers don’t break the encryption - they steal the keys to decrypt it. Pr...

GPO Group Policies are saved as Group Policy Objects (GPOs) which are then associated with Active Directory objects such as sites, domains, or organizational units (OUs). Domain members refresh Gr...