elswix.com

Cybersecurity • Hacking • Red Teaming

Articles

25+

WriteUps

1K+

Readers

Active

Status

Latest Articles

Active Directory: Domain Trusts

Today, we'll delve into the fundamentals of Domain Trusts and how misconfigurations can be leveraged to achieve domain escalation/lateral movement.

Active Directory: Certificate Services (Part 2)

Today, we will delve into how Certificate Mapping works, which security measurements were implemented after the Certifried vulnerability and more.

Active Directory: Certificate Services (Part 1)

Today, we'll delve into Active Directory Certificate Services (ADCS). In this article, we'll cover fundamental concepts and introduce exploitation techniques.

Active Directory: DACL Abuse

Today, we'll explore the exploitation of insecure ACEs within the DACL of users and groups in an Active Directory environment.

Kaiju - VulnLab

Today, we'll walk through Kaiju, a hard-difficulty chain from VulnLab. This lab simulates a multi-host Active Directory environment.

Rebound - HackTheBox

Rebound is an insane difficulty machine on HackTheBox. Initially, we'll exploit RID brute force to obtain a list of valid users on the Domain Controller.

Analytics - HackTheBox

Analytics is an easy machine on HackTheBox. Firstly, we'll exploit a vulnerable version of Metabase to achieve command execution on the victim machine.

Manager - HackTheBox

Manager is a medium-difficulty machine on HackTheBox. Initially, we'll abuse the guest session to perform a RID Bruteforce attack.