OffSec Proving Grounds Practice - Hutch Writeup

This is my writeup for Hutch, a Windows Active Directory machine from OffSec Proving Grounds Practice. Compared with my previous AuthBy writeup, this lab was more focused on Active Directory enumeration and privilege escalation. The most important lesson was that a domain compromise does not always start with an exploit. In this case, the attack path came from careful LDAP enumeration, credential discovery, BloodHound analysis, and abuse of LAPS read permissions. ...

May 24, 2026 · 10 min · Max Tse

OffSec Proving Grounds Practice - AuthBy Writeup

This is my writeup for AuthBy, a Windows machine from OffSec Proving Grounds Practice. I found this machine quite useful because the attack path was not just about scanning and running a public exploit. The chain started from FTP enumeration, moved into credential discovery, then web access, initial foothold through a PHP reverse shell, and finally Windows privilege escalation. The overall attack path was: ...

May 19, 2026 · 9 min · Max Tse