Blackfield is a 40-point machine from Hack the Box which requires you to exploit mistakes done after a recent computer forensic investigation recently done on the machine. The files left valuable information about the machine, usually extracted when doing computer forensics, which includes a dump of LSASS. Gaining access to…

Due to my growing interest with Active Directory security, I began my journey to get experience and better understand how it works. There are very few trainings out there that provides Active Directory security training that is accompanied by a lab, and one of those few is Pentester Academy. …

Sauna is an Easy-difficulty machine from Hack the Box created by egotisticalSW. I felt that this box is realistic as it requires you to craft potential usernames based from their public website. …

Sizzle is an Insane-difficulty machine from Hack the Box created by mrb3n and lkys37en, of which are the authors of 2 out of 3 Hack the Box Pro Labs that are currently available. Sizzle is a fairly old machine as it was released January of 2019. I decided to work…

I decided to write articles on common tools used by security professionals. The goal of this series is to introduce how a tool works, where it is useful, and maybe leave a few tricks that you can adopt. I’ll start with a scanning tool called Nmap. What is Nmap? From…

TL;DR: Control is a Windows machine that allows you to play with basic SQL Injection and a little of PowerShell. It’s a fun box to teach you Windows concepts without having an SMB service running. It starts of with an admin page accessible by using the X-Forwarder-For Header. Access to the…

TL;DR Forest is in the list of my favorite machines. It exposes you to different tools and offers practical usage of enumerating, interacting, and exploiting services usually related to Windows Active Directory. It starts with enumerating a user through RPC and exploiting Kerberos Pre-Auth to get the user’s password. The user…

This is a write up on how I solved Postman from Hack the Box, which is an online platform where you can play various CTFs and practice your penetration testing skills. TL;DR Postman from Hack the Box is an easy-rated box which includes exploiting a misconfigured Redis service, allowing you to…

This is a write up on how I solved Zetta from Hack the Box, which is an online platform where you can play various CTFs and practice your penetration testing skills. As always, I try to explain how I understood the concepts here from the machine because I want to…