Yogesh Peela in exploitnotes.hashnode.dev · 4h ago · 10 min read · HackTheBox: Sendai Writeup · Summary: Sendai is a Windows Active Directory machine exposed with SMB guest access. RID brute-forcing reveals a full user list, and two accounts have expired passwords that can be reset with no knowle
Luis Baldera in lbcyberdefense.hashnode.dev · 11h ago · 4 min read · Active Directory Lab · Phase 1: Windows Server Preparation & AD DS Role. Before installing Active Directory Domain Services (AD DS), your server must be properly prepared. Set a Static IP: Your Domain Controller (DC) must h
404 Founders in 404-founders.com · 4d ago · 3 min read · Windows Netlogon RCE Now Actively Exploited · A patched Windows Netlogon vulnerability is now being actively exploited. One crafted network request to a domain controller gives an attacker SYSTEM privileges and full Active Directory control. CVE:
Yogesh Peela in exploitnotes.hashnode.dev · 5d ago · 7 min read · HackTheBox: Baby Writeup · Summary: Baby is an Easy Windows AD box (baby.vl, DC: BABYDC). Null LDAP bind enumerates the full domain user list, including a description field that leaks a default password (BabyStart123!) for newly
Yogesh Peela in exploitnotes.hashnode.dev · 5d ago · 13 min read · HackTheBox: Breach Writeup · Summary: Breach is a Windows AD box centered on credential harvesting and Kerberos abuse. Initial access starts from a guest-readable, guest-writable SMB share. Dropping NTLM-coercion files (.scf, .url
Yogesh Peela in exploitnotes.hashnode.dev · Jun 19 · 16 min read · HackTheBox: Bruno Writeup · Bruno is a Windows Active Directory box built around a single bad assumption: that a "malware scanner" service can safely extract whatever zip a low-privileged share drops in front of it. That assumpt
Pranav Sethuraman in entramigration.hashnode.dev · Jun 16 · 11 min read · Entra Connect Sync Is Not a Strategy. It’s Critical Identity Infrastructure. · Hybrid identity was supposed to be a bridge. For many organizations, it quietly became the destination. That is the uncomfortable reality behind Microsoft Entra Connect Sync. Most enterprises deployed
Deka OK in datasanare.hashnode.dev · Jun 16 · 5 min read · 🛠️ How to Safely Grant xp_cmdshell Access to Non-Sysadmin Users · By default, SQL Server restricts the use of xp_cmdshell to members of the sysadmin fixed server role. This is a vital security guardrail because xp_cmdshell allows the execution of Windows operating s
Yogesh Peela in exploitnotes.hashnode.dev · Jun 12 · 7 min read · TryHackMe - Fusion Corp Writeup · Platform: TryHackMe. Difficulty: Easy. Reconnaissance (Nmap): nmap -sC -sV -A MACHINE-IP -oA nmap. The scan immediately tells us this is a Domain Controller — port 88 (Kerberos), 389/3268 (LDAP), and 5985
404 Founders in 404-founders.com · Jun 5 · 3 min read · The AI Intern Just Joined The Red Team · The New Workflow: For years, breaking into a network was only part of the job. Attackers still needed to: map Active Directory; identify privileged accounts; understand trust relationships; locate sensit