ShadowGate — Active Directory Walkthrough: Null Session to AS-REP Roast to AD CS
Active Directory walkthrough of ShadowGate (Windows Server 2022) — anonymous SMB user enumeration, AS-REP roasting a pre-auth-disabled account, and...
// offensive security · research · writeups
Offensive Security Consultant — penetration testing, red teaming, and adversary simulation, with a SOC and threat-detection background.
Active Directory walkthrough of ShadowGate (Windows Server 2022) — anonymous SMB user enumeration, AS-REP roasting a pre-auth-disabled account, and...
Active Directory walkthrough of ShareThePain (Windows Server 2022) — coercing DC authentication from a writable SMB share, cracking the hash, abusi...
Full Active Directory walkthrough of BuildingMagic (Windows Server 2022) — chaining a web DB leak, Kerberoasting, ACL abuse, share poisoning, and P...
Walkthrough of the Kevin machine (Windows 7) — chaining default credentials with a buffer overflow in HP Power Manager 4.2 to land a SYSTEM shell, ...
TryHackMe Airplane walkthrough — turning a Flask LFI into process recon, exploiting an exposed gdbserver for RCE, then abusing a SUID euid mismatch...
OSINT investigation into the cyber dimension of the 2025 Cambodia–Thailand border conflict — Cambodian hacktivist operations, mass data breaches, a...
Attacking OWASP Top 10, auth flaws, and real-world web bugs.
Kerberos abuse, lateral movement, and domain dominance.
Adversary emulation, C2, and evasion tradecraft.
Recon workflows and high-impact vulnerability hunting.
Static & dynamic triage, unpacking, and IOCs.
Recon, attribution, and intelligence tradecraft.
↑↓ navigate · ↵ open · esc close