Flight - HackTheBox Writeup (10.10.11.187)
Hard-difficulty Windows machine that covers forced NTLM authentication techniques through Remote File Inclusion and SCF file attacks. Lots of pivoting between service accounts and user accounts using web shells. Privilege escalation by abusing SeImpersonatePrivilege to perform token impersonation.
Timelapse - HackTheBox Writeup (10.10.11.152)
Easy-difficulty Windows machine with a focus on Active Directory LDAP and SMB enumeration. Privilege escalation by recovering service account credentials in PowerShell history logs, then dumping LAPS passwords from the service account.
Sharp - HackTheBox Writeup (10.10.10.219)
Hard-difficulty Windows box with a focus on reverse engineering C# applications and enumerating SMB shares. Foothold gained by reversing the encryption in a Kanban application. Privilege escalation by abusing WCF server and client applications ported from .NET remoting.
Reel2 - HackTheBox Writeup (10.10.10.210)
Hard-difficulty Windows box with a focus on password spraying attacks and NetNTLMv2 hash phishing on Outlook. Privilege escalation by abusing an insecure Powershell JEA cmdlet with symbolic links, while bypassing PS constrained language mode.
Worker - HackTheBox Writeup (10.10.10.203)
Medium-difficulty Windows box with a focus on exploiting Azure DevOps environment.