07-11

Tracks-AD-Coder

#wp #AD #C# #DACL #TOTP #ADCS #CI/CD #TeamCity #CVE-2022-29623 #PKI ADMIN #CreateChild

07-06

【season-8】 htb Voleur wp

#wp #AD #Tombstone

06-09

【season-8】 htb TombWatcher wp

#wp #AD #Dacl #Self #Tombstone #esc15 #spn

06-06

Tracks-cloud-Vessel

#wp #sysctl #pinns #pdf #owa #git #mysqljs #Pyside2

06-04

Tracks-AD-APT

#wp #rpc #ipv6 #pth #reg #Rogue potato #Ntlmv1 #AD

05-21

crtp-study-lab-note

#wp

04-22

【season-7】 htb Scepter wp

#wp #AD #esc14

04-21

ActionOPs

#wp #github

04-14

「IngressNightmareをめざす異世界泥頭車！一、serviceはなに？！」

#Kubernetes #service #Nodeport #kube-proxy

04-13

【season-7】 htb Nocturnal wp

#wp #ispconfig #IDOR

04-04

【season-7】 htb Haze wp

#wp #AD #SeImpersonatePrivilege #efspotato #ldap #rpcclient #lsaquery #splunk #bloodhound

03-25

【season-7】 htb Code wp

#wp #fifo #pyjail

03-19

【season-7】 htb TheFrizz wp

#wp #AD #GSSAPI #GPO #Gbbion #WriteGPlink #OU #RECYCLE.BIN #wapt

03-13

Tracks-AD-Acute

#wp #AD #Powershell #pswa #Configuration #HKLM

03-03

【season-7】 htb Cypher wp

#wp #neo4j #bbot #sqli #jar

02-27

【Sherlocks】APTNightmare

#wp #beacon #pfishing

02-26

【season-7】 htb Checker wp

#wp #reverse #teampass #bookstack #Command injection #shm #c #2FA #TOTP #SSRF #LFR #Pseudorandom

02-21

【season-7】 htb Darkcorp wp

#wp #pfishing #AD #efspotato #SQL injection #smb_krbrelayx #krbrelayx #dnschef #postgresql #GSSAPI #Roundcube Webmail #dnsadmin #ntlmrelayx #PetitPotam #bypass AMSI #dpapi #sssd #gpo

01-31

htb—ctf-Forensic/Window's_Infinity_Edge

#wp #C# #Forensic #SharPy #Shellcode

01-23

【season-7】htb wp Backfire

#wp #websocket #havoc #go #hardhat #iptables #iptables-save

01-16

【season-7】 htb EscapeTwo wp

#wp #AD #WriteOwner #ESC4 #ESC1 #PKINIT #msDS-KeyCredentialLink

01-15

Tracks-AD-Object

#wp #AD #powerview #firewall #Jenkins #SPN #powershell #logon script #GenericAll #WriteOwner #ForceChangePassword

01-09

Tracks-AD-Flight

#wp #AD #smbmap #cme #php #smb #fishing #psexec #runascs #asp #defaultapppool #SeImpersonatePrivilege #efspotato

01-06

Tracks-AD-Intelligence

#wp #AD #kcd #dnstools #GMSA #username-anarchy #fuzz

01-04

Tracks-AD-Scrambled

#wp #AD #mssql #ldaps #tgt #impacket-GetUserSPNs #sliver ticketer #impacket-smbclient #NTHASH #C# #DLL #ysoserial.net

01-04

Tracks-AD-Return

#wp #AD #ldap #Server Operators #SeBackupPrivilege

12-31

Tracks-AD-StreamIO

#wp #AD #php #mssql #fuzz #WriteOwner #SQL injection #sqlcmd #browser #laps

12-31

Tracks-AD-Escape

#wp #AD #esc1 #mssql #Rubeus

12-31

Tracks-AD-Timelapse

#wp #AD #laps #pfx #PSReadLine #zip

12-26

Tracks-AD-Support

#wp #AD #rbcd #ldap #C#

12-26

Tracks-AD-Authority

#wp #AD #esc1 #rbcd #PasstheCert #ldap #ansible_vault

12-20

crtp-study-note

#AD #crtp #note

12-20

【Sherlocks】Blizzard-Breakdown

#wp #s3 #aws #mail #edge

12-19

【Sherlocks】Cookie-Consumption

#wp #sherlocks #k8s #pod

12-17

【season-6】 htb Heal wp

#wp #consul #limesurvey #LFI

12-14

【CVE machines】 htb Unrested wp

#wp #SQL injection #Zabbix #CVE-2024-36467 #CVE-2024-42327 #Nmap

12-12

Tracks-AD-Rebound

#wp #AD #rbcd #no-preAuth #cd #bypass-kerberos-only #brute-rid #AS-REQ ST #DACL #remote-potato #winlogon #rosating

12-08

Tracks-cloud-Unobtianium

#wp #k8s #nodejs #merge #deb #sercerts #pods

12-08

【season-6】 htb LinkVortex wp

#wp #ghost #symlink

12-03

【season-6】 htb Vintage wp

#wp #kcd #GMSA #dpapi #AllowedtoAct #pre2k

11-30

htb—ctf-Forensic/Suspicious Threat

#wp #Forensic #rootkit

11-29

htb—ctf-web/Pentest_note

#wp #h2

11-29

Tracks-cloud-Epsilon

#wp #aws #jwt #ssti

11-27

Tracks-cloud-Gobox

#wp #s3 #aws #ssti #nginx

11-25

Tracks-cloud-Monteverde

#wp #azureAD

11-24

Tracks-cloud-worker

#wp #azure devops #svn

11-24

【season-6】 htb Alert wp

#wp #fishing

11-22

【season-6】 htb blockblock wp

#wp #blockchain

11-21

【2024 市赛】pwn01

#wp #pwn

11-09

【2024 网鼎杯】玄武组_pwn02

#wp #pwn

10-19

cc-一些容易混淆的点

#Tips

10-16

record-双供应链拿一个目标

#实例记录

09-18

Framework-API-Interface-Information-Leak

#wp #cve

09-16

【season-6】 htb Caption wp

#wp

09-11

jail 和 ssti

#wp

09-09

【season-6】 htb Sightless wp

#wp

08-28

【羊城杯 2024】 pwn1

#wp #pwn

08-26

【season-6】 htb MonitorsThree wp

#wp

08-23

【season-6】 htb Lantern wp

#wp

08-11

【season-6】 htb Sea wp

#wp

07-28

【season-6】 box Compiled wp

#wp

07-21

【season-5】box GreenHorn wp

#wp

07-20

【season-5】box Ghost wp

#wp

06-25

maldev

#study

06-24

【season-5】 htb Axlle wp

#wp

06-16

【season-5】box Editorial wp

#wp

06-09

【season-5】box Blurry 一个失败的user记录

#wp

06-08

CubeMadness2-gamepwn

#wp #gamepwn

06-07

padding oracle attack 原理

#misc

06-06

【season-5】box freelancer wp

#wp

05-30

【season-5】box magicgardens wp

#wp

05-26

【season-5】box BoardLight wp

#wp

05-18

Tracks-cloud-bucket

#wp #aws

05-16

Tracks-cloud-steamcloud

#wp #k8s

05-14

Ropemporium-6-x64

#wp #pwn

05-13

Ropemporium-6-x86

#wp #pwn

04-26

zentao-20240426未授权-poc

#poc

04-26

【season-5】 htb Runner wp

#wp

03-23

【season-4】htb WifineticTwo wp

#wp

02-26

【season-4】htb jab wp

#wp

02-20

htb—ctf-blockchain/Distract_and Destroy

#wp #blockchain

02-19

【season-4】htb office wp

#wp

02-13

【Sherlocks圣诞节特辑】htb OpTinselTrace-4 wp

#wp