Posts
CinnamonSec

The Kerberos grand hotel

Kerberos, though a complex topic, can be better understood by drawing parallels with a hotel analogy. Imagine the Kerberos system as a hotel, and its various components as essential ser...

API Pentest

API pentesting, also known as API penetration testing, is a security testing technique that focuses on identifying vulnerabilities and weaknesses in the Application Programming Inte...

Sea Surfer

You can find this CTF here. Enumeration: As always, I began with an nmap scan (what is more important than enumeration? beer? 🧐): sudo nmap -sV -sS -sC -O -v -p- 10.10.181.107 [sudo] pas...

Ollie

Oh my god! I did this CTF only for Ollie, the dog! You can find this CTF here. Enumeration: I began with an nmap TCP scan: $ sudo nmap -sV -sS -sC -p- -v 10.10.112.144 [TRUNCATED] PORT ...

Proxy

What about Proxy? In this article, I will explain briefly something about Proxy. Why? Why not 😆 On the big internet, there are many articles about Proxy but I would write mine! Watch this ...

LiquidFiles 3.5.13 Privilege Escalation

LiquidFiles 3.5.13 Privilege Escalation (CVE-2021-43397): With two of my colleagues, during an engagement for a customer, we discovered a privilege escalation in LiquidFiles 3.5.15. This secur...

Thin Job

Hi everyone! I am announcing my first box, which I called “Thin Job”! I tried to submit it to Hack the Box, but they rejected it, and (in my opinion) they don’t explain enough the motivatio...

Alfred

In this room, we’ll learn how to exploit a common misconfiguration on a widely used automation server (Jenkins - This tool is used to create continuous integration/continuous development...

Windows PrivEsc Arena

Students will learn how to escalate privileges using a very vulnerable Windows 7 VM. RDP is open. [Task 1] - Connecting to TryHackMe network: You don’t need me to do this...

Steel Mountain

In this room you will enumerate a Windows machine, gain initial access with Metasploit, use PowerShell to further enumerate the machine and escalate your privileges to Administr...