Forest — HackTheBox
Forest goes from an anonymous LDAP session to Domain Admin via AS-REP roasting and an ACL-abuse chain that ends in DCSync. A perfect walkthrough of why Active Directory attack paths are about permissions, not just passwords.
$ ls -la ./ctf/
Detailed walkthroughs for HackTheBox and TryHackMe machines — covering web exploitation, privilege escalation, OSINT, and more.
Forest goes from an anonymous LDAP session to Domain Admin via AS-REP roasting and an ACL-abuse chain that ends in DCSync. A perfect walkthrough of why Active Directory attack paths are about permissions, not just passwords.
Active is a textbook AD box: an anonymously readable SYSVOL share leaks a GPP-encrypted service-account password, which is Kerberoasted into a full Domain Admin compromise. Two legacy misconfigurations, total takeover.
One of HackTheBox's original machines. A classic Samba usermap_script vulnerability leads to unauthenticated remote code execution and immediate root access — perfect for understanding how legacy services get exploited.
A full walkthrough of OWASP Juice Shop on TryHackMe — demonstrating SQL injection, XSS, broken authentication, and IDOR vulnerabilities in a modern Node.js web application.
Blue exploits MS17-010 (EternalBlue) — the NSA exploit leaked by Shadow Brokers that powered WannaCry. A textbook demonstration of why unpatched Windows systems are catastrophically dangerous.