Logging - HTB
Logging starts with a routine Active Directory assessment, where seemingly ordinary artifacts and a bit of intuition gradually reveal a chain of misconfigurations leading to full compromise.
Silentium - HTB
An easy Linux machine featuring web enumeration, password reset vulnerability, container escaping, and internal service access.
DevArea - HTB
A medium-difficulty Linux machine featuring SOAP services, middleware exploitation, and multiple privilege escalation vectors.
Kobold - HTB
An easy-difficulty Linux machine featuring multiple web vulnerabilities.
Outbound - HTB
Easy Linux machine with Roundcube RCE (CVE-2025-49113), session/DB credential recovery, and below symlink privesc (CVE-2025-27591).
Previous - HTB
Medium Linux box using Next.js auth middleware bypass, LFI to extract NextAuth credentials, and Terraform provider override abuse for root.
RustyKey - HTB
Hard Windows machine with Kerberos time abuse, AD ACL misconfigurations, 7-Zip shell extension hijack, and SPN-less RBCD for domain admin.
Conversor - HTB
Easy Linux box abusing XSLT injection to write a cron-executed script, then harvesting local SQLite creds and escalating via needrestart.