FEATURED POST
FEB 18, 2025
RED TEAM
Exploiting Kerberoastable Accounts in a Lab AD Environment
Walked through identifying SPN accounts, cracking TGS tickets offline with Hashcat, and how defenders can detect it. Deep dive into the full kill chain: from enumeration with PowerView to offline cracking, and finally mapping detection logic in Elastic SIEM.
FEB 15, 2025
BLUE TEAM
Building a Custom Sigma Detection Rule for Lateral Movement
Created a detection rule targeting SMB lateral movement via PsExec, tested against real lab traffic in Elastic SIEM.
FEB 12, 2025
NETWORK
Setting Up pfSense VLANs for Lab Network Segmentation
Documented isolating my homelab into attack/target/monitoring zones using pfSense VLAN tagging and firewall rules.
FEB 09, 2025
TIL
TIL: NTLMv2 Hash Capture via Responder on Internal Networks
Quick lab session capturing NTLMv2 hashes by poisoning LLMNR/NBT-NS requests, then cracking with Hashcat.
FEB 06, 2025
MALWARE
Malware Analysis: Unpacking a Basic Dropper Sample
Static and dynamic analysis of a dropper in REMnux: examining strings and imports, and extracting IOCs from the sample.
FEB 03, 2025
HTB
HTB Writeup: Privilege Escalation via SUID Binary
Full walkthrough of a HackTheBox machine focusing on SUID binary exploitation for local privilege escalation.
JAN 30, 2025
BLUE TEAM
Threat Hunting with Elastic: Spotting Beacon Traffic
Used KQL queries in Elastic to hunt for C2 beacon-like patterns in my lab: periodic connections, jitter analysis, and process trees.
JAN 27, 2025
RED TEAM
BloodHound: Mapping AD Attack Paths from a Low-Priv User
Ran BloodHound against my AD lab to discover shortest paths to domain admin from an unprivileged domain account.
JAN 24, 2025
NETWORK
Analyzing a Phishing PCAP with Wireshark and Suricata
Dissected a malicious pcap file from Blue Team Labs Online; tracked the full infection chain from email delivery to callback.
JAN 21, 2025
TIL
TIL: Pass-the-Hash Still Works Against Local Accounts
Tested Pass-the-Hash using Impacket's psexec.py against a non-domain machine; it worked even with the same local admin password.
JAN 18, 2025
MALWARE
Writing a Basic YARA Rule to Detect a Dropped Payload
Used strings and byte patterns from a dropper sample to build and test a YARA detection rule in a controlled environment.
JAN 15, 2025
CTF
CTF Writeup: Web LFI to RCE via Log Poisoning
Solved a boot2root machine by exploiting a Local File Inclusion vulnerability and poisoning Apache logs to achieve remote code execution.