Here we will perform a token impersonation. There are a few ways an adversary can access tokens of elevated accounts, such as a domain administrator. For this walk-through, we will simply use Meterpreter. Prerequisites: Domain controller with Active Directory setup. See this series, to set up your lab environment. Kali Continue Reading

I’ve found myself giving people plenty of pointers and links that I think helped me out when I was doing the PWK coursework and the labs for OSCP. So because of that, I figured I’d actually collect everything in one spot and I can just refer anyone interested here. I’ll Continue Reading

Getting a Meterpreter session is always a wonderful thing. You can elevate privileges, dump hashes, clear windows logs, download/upload files, and more. Prerequisites: Domain controller with Active Directory setup. See this series, to set up your lab environment. Kali Linux Windows 10 VM, joined to a domain Setting your environment Continue Reading

I am currently pursuing my OSCP, but every now and then I like to take a break and mess with my homelab or take a look at some challenges. Yesterday on a slack I participate on, someone posted a link to a BSidesSF CTF that was ongoing with their account Continue Reading

Part I: Part I: Requirements / Installing Operating SystemsPart II: Part II: Setting up Active DirectoryPart III: Part III: Joining Windows 10 to Domain, Mapping Shared Folder, & Quick Kali ConfigurationPart IV: Part IV: Attacking Introduction: This is part one of a series of posts I’ll be making on performing Continue Reading

First off, thanks for checking out my site. The following is a fairly long post detailing how I found my passion in this career field, and hopefully may give you, the reader, some insight on where I stand as of writing this. I started my journey in Netsec / Cybersecurity Continue Reading

  PREP   Gathering some good ol’ links here that should be beneficial in some way for my pursuit of the OSCP. Got many of these links from other people and from scrolling through reddit r/asknetsec, r/netsecstudents.   This year I took a serious stab at the National Cyber League Continue Reading