Wireshark

Hack The Box: Certificate Machine Walkthrough – Hard Difficulty

by darknite
2025-10-04

I recently completed the “Certificate” challenge on Hack The Box: after extracting and cracking a captured authentication hash I gained access to a user account (lion.sk) and retrieved the user flag, then progressed to full system compromise by responsibly exploiting weak certificate‑based authentication controls—obtaining and converting certificate material into elevated credentials to capture the root flag. The exercise reinforced how misconfigurations in certificate services and poor time synchronization can create powerful escalation paths, and highlighted the importance of least‑privilege, strict enrollment policies, and monitoring certificate issuance. Great hands‑on reminder that defensive hygiene around PKI and identity services matters.

#CyberSecurity #HTB #Infosec #ADCS #Certificates #PrivilegeEscalation #RedTeam #Pentesting

Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

by darknite
2025-06-15

Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF

Hack The Box: Office Machine Walkthrough – Hard Difficulty

by darknite
2024-06-22

In this post, I would like to share a walkthrough of the Office Machine from Hack the Box This room will be considered a Hard machine on Hack the Box… Read More »Hack The Box: Office Machine Walkthrough – Hard Difficulty

Hack The Box: Response Machine Walkthrough – Insane Difficulty

by darknite
2023-02-25

In this post, I would like to share a walkthrough of the Response Machine from Hack the Box This room will be considered an Insane machine… Read More »Hack The Box: Response Machine Walkthrough – Insane Difficulty

HackTheBox: Carpediem Machine Walkthrough – Hard Difficulty

by darknite
2023-02-25

In this post, I would like to share a walkthrough of the Carpediem Machine from Hack the Box This room will be considered an Hard machine on… Read More »HackTheBox: Carpediem Machine Walkthrough – Hard Difficulty

Hackthebox: Cap Machine Walkthrough – Easy Difficulty

by darknite
2023-03-07

In this post, i would like to share a walkthrough on CAP Machine. This room is been considered difficulty rated as an EASY machine Information Gathering on cap machine… Read More »Hackthebox: Cap Machine Walkthrough – Easy Difficulty

Wireshark Masterclass

by darknite
2019-09-01

Wireshark is very popular among Security Professional especially Network Engineer and Pentester. The reason is that Wireshark can be used for Network Packet Analyzer. For… Read More »Wireshark Masterclass