cat /blog/*
Cybersecurity articles, tutorials, and research
Lab Review Extreme Red Team Laboratories MAILSERVICE
MAILSERVICE is a multi-domain Active Directory lab that covers the full attack chain. Initial access via mail server abuse, credential extraction, network pivoting, cross-domain trust exploitation, MSSQL privilege escalation, Kerberos delegation abuse, and DCSync.
Spring Boot Actuator A Closer Look at the Attack Surface
In this post I walk through how an exposed /actuator/heapdump endpoint becomes the starting point for extracting database credentials, payment keys, AML platform secrets, and live session tokens.
Weaponizing the Rubber Ducky with Adaptix C2 : Part 2
In Part 2 of the Hak5 Toolkit series, We will walktrough hor to chain together an AMSI bypass, a Constrained Language Mode bypass, and shellcode obfuscation to achieve in-memory code execution all delivered via the USB Rubber Ducky.
Getting Initial Access with USB Rubber Ducky + Adaptix C2
A walkthrough of USB Rubber Ducky from USB to Shell and Chaining with Adaptix C2 for Initial Access.
Hooking Claude into Burp Suite with MCP
A walkthrough of connecting Burp Suite to Claude using the Model Context Protocol.
Exploiting a Banking Playground - Vulnerable Bank Application
A walkthrough of exploiting a purposely vulnerable banking application, replicating common issues encountered during real-world security assessments including SQL injection, mass assignment, JWT forgery, and business logic flaws.
Plug & Pwn Chronicles - LAN Turtle
A hands-on guide to deploying the Hak5 LAN Turtle for covert network access during Red Team engagements, covering setup, reverse SSH tunneling, and pivoting with ProxyChains.
root@blog:~# No matching posts found.