Hi there, 👋

In a recent pentest I had code execution on an internal system, but was too lazy to deploy a full C2. Instead, I wanted to go for a classic reverse shell. Of course, the trusty...

Yesterday I stumbled upon an old tweet from @Oddvarmoe. In it, he described that a local admin can use the built-in ksetup.exe to change the password of the machine account....

The list of Active Directory persistence techniques is already pretty long. This blog post adds another one to that list. The basic idea is this: Add a new Group Policy...

The PEB, TEB and KUSER_SHARED_DATA structs are mapped into the memory space of every process. They provide a wealth of information to the process and can be accessed without...

During a recent internal pentest I was asked to take a closer look at the customers backup infrastructure. In this blog post I will describe the attack path from domain user to...