This is where you will find my writeup that I do on various ctf platforms.

HackTheBox - Search

Search is an active directory box that runs through a lot of attacks like kerberoasting, password re-use, read gMSA Password. This box requires a lot of enumeration and search to find sensitive information disclosure

HackThebox - Sizzle

Sizzle is an ADCS box where we will explore how to make a "scf file" attack, generate a certificate via certsrv, bypass CLM & AppLocker, Kerberoasting + DCSync

HackTheBox - Shibboleth

Shibboleth is a very realistic box simulating several services used in companies such as ZABBIX, BMC, IPMI, ... and a CVE present on mariaDB

Posted on Sat, Apr 2, 2022 Writeup HackTheBox IPMI Zabbix CVE-2021-27928

HackTheBox - Monitors

Monitors is a hard box on which we will browse several web operations like LFI, SQLI and Java Deserialization but also break a container via a sys_module cap on linux.

HackTheBox -Reel2

Reel2 is a windows box, we will see how to do password spraying on an OWA, a simple but effective phishing technique, Bypass JEA, and to abuse a LFI in a JEA function