A medium-level Windows machine created by Geiseric. It includes sections where we abuse the GenericWrite permission and the Kerberos Unconstrained Delegation vulnerability. This machine is a great ...

Escape is a medium-difficulty Windows box. The exploitation path involves enumerating shares to capture a hash through MSSQL. Afterwards, we find credentials inside a .bak file, which allows us to ...

A Windows box with a medium difficulty level, created by Certified ruycr4ft.At the beginning, we’ll use the provided credentials to abuse some ACLs,then we’ll leverage the Shadow Credentials method...

The intercept AD chain prepared by xct is a hard difficulty chain and consists of two Windows machines.We place a malicious file on a share where we have access and capture NTLM authentication. Fro...

Sendai is a medium difficulty Windows box prepared by xct. This machine includes topics such as Active Directory Certificate Services (ADCS), expired passwords, and SMB share enumeration. In this ...

A Windows machine on the VulnLab platform named “retro”, categorized as easy difficulty.After gaining a foothold, we compromise a pre-created machine account and exploit an ADCS vulnerability. We ...

The Reflection AD chain in VulnLab consists of three machines, and it is described as being of medium difficulty. The chain utilizes methods such as MSSQL, RBCD, password reuse, credential dumping,...

In today’s blog post, we will cover questions such as what NTLM is, what it is used for, along with their answers. What is the NTLM? NTLM (NT LAN Manager) is an authentication protocol developed b...

Cicada is a machine on the VulnLab platform with medium difficulty. This machine, which involves ESC8 and Kerberos relaying, is quite interesting Let’s start with a classic Nmap scan: ➜ cicada n...

Shinbuya is a machine with medium difficulty that involves Active Directory (AD). First, we use Kerbrute to find valid usernames. After a few steps, we dump hashes from the registry, and finally, w...