Web Application

Exploiting Tomcat

Exploiting common Tomcat vulnerabilities.

Cheat Sheets

Configuring Kali

Adding additional security auditing tools to Kali.

Infrastructure

Attacking MSSQL

Compromising MSSQL databases, and escalating privileges.

Infrastructure

Golden gMSA Attacks

Extracting gMSA service accounts from child domains.

Infrastructure

SID History Abuse

Modifying SID History values to compromise parent domains.

Infrastructure

Backup Operator Privilege Escalation

Extracting domain controller credentials using the Backup Operators group.

Infrastructure

Active Directory Explorer

Using Microsoft AD Explorer to collect Active Directory attack path information.

Infrastructure

Active Directory DACL Attacks

Exploiting misconfigured Active Directory access control lists.

Malware Dev

Persistence Mechanisms

Maintaining access to a target system.

Infrastructure

Entra ID Connect

Extracting credentials from Azure Entra Connect.

Malware Dev

Password Filters

Using password filters to intercept logon credentials.

Infrastructure

Coerced Authentication

Persuading Windows hosts to provide machine account credentials.