Timelapse - HackTheBox Writeup (10.10.11.152)
Easy-difficulty Windows machine with a focus on Active Directory LDAP and SMB enumeration. Privilege escalation by recovering service account credentials in PowerShell history logs, then dumping LAPS passwords from the service account.
Sharp - HackTheBox Writeup (10.10.10.219)
Hard-difficulty Windows box with a focus on reverse engineering C# applications and enumerating SMB shares. Foothold gained by reversing the encryption in a Kanban application. Privilege escalation by abusing WCF server and client applications ported from .NET remoting.