Dumping the NTDS.dit from disk - A new NetExec module💾 Isn't it super annoying when AV blocks your access to the SAM/SYSTEM hives? The new "ntds_dump_raw" module made by Bilal parses the disk image directly, allowing you to extract the NTDS.dit or SAM database🚀

I just completed module File Upload Attacks in HTB Academy! academy.hackthebox.com/achievement/85… #hackthebox #htbacademy #cybersecurity

Rooted Build Vulnlab on HackTheBox! Learned tons from enumerating & exploring Jenkins, Rsync, containers environments, and an interesting privilege escalation path. a solid box for practicing pivoting and cool attack chains labs.hackthebox.com/achievement/ma… #HackTheBox #htb #InfoSec

Netexec Workshop Active Directory Lab Writeup - 4nh4ck1n3 blog.anh4ckin.ch/posts/netexec-…

If you want to quickly check whether the guest account is enabled, you can now do it with NetExec. This is not enabled by default you need to set the custom flag check_guest_account in your nxc.conf file. Maybe one day it will be set to true by default 🪂

Rooted Baby on Hack The Box a solid Vulnlab classic. a very fun AD style machine. labs.hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting

Anyone interested in M365, imo, the best 2000+ pages you will ever read: learn.microsoft.com/en-us/entra/id… Cheers! 🍻

Put yourself in situations where you have too much at stake to waste time or resources—if you cannot afford to lose, you won’t. Place yourself on “death ground,” where your back is against the wall and you have to fight like hell to get out alive.

I just completed module Intro to Network Traffic Analysis in HTB Academy! academy.hackthebox.com/achievement/85… #hackthebox #htbacademy #cybersecurity

I just completed module Incident Handling Process in HTB Academy! academy.hackthebox.com/achievement/85… #hackthebox #htbacademy #cybersecurity

Come and join us!

Hackers asked for a third edition of The Web Hacker’s Handbook. Rather than releasing another book which will quickly get out-dated, we created the Web Security Academy, a living, constantly updated learning hub with hands-on labs and video walk-throughs so you can learn by

Race Condition IDOR, $36,750 Where automation fails is often in the gray areas. In the case of this bug, an IDOR existed by integer "orderId", which would allow viewing and hijacking someone else's order by simple swapping the order number - but ONLY IF the order had not yet

404 page to RCE. A report by spaceraccoon | Eugene Lim He chained two old CVEs to achieve RCE: - Found a 404 page mentioning an obscure CMS, discovered /josso/signin login - Triggered CVE-2007-0450 (directory traversal in mod_proxy) using a %5C../ to bypass the internal proxy - Reached

I love security research and believe everyone has the potential to do it… which makes screening/rejecting research job applicants one of the hardest parts of my job. Have to remember a rejection is not a judgement of individual potential.

From Zero Creds to Enterprise Admin, by Ivan Spiridonov xbz0n.sh/blog/from-zero…

I just solved CCTV on Hack The Box! labs.hackthebox.com/achievement/ma… #HackTheBox #HTB #CyberSecurity #EthicalHacking #InfoSec #PenTesting

You see others solving expert-level labs and posting writeups with complex exploit chains. And you're still struggling with the apprentice labs. That's fine. Those people also struggled with the apprentice labs once. They just did it before you followed them. Web security has a

The AI revolution is here 🔥  HTB COAE is built for practitioners ready to stress-test tomorrow's neural networks. Built upon the AI Red Teamer path, developed in collaboration with Google, this certification proves you can handle real-world AI red teaming from start to finish.

I just root Pirate on Hack The Box! Great box solid all around. Clean attack chain, a lot of value in how everything linked together. Learned a ton from the flow labs.hackthebox.com/achievement/ma… #HackTheBox #HTB #CyberSecurity #PenTesting