https://maxtsec.com/tags/laps/Recent content in LAPS on maxtsecHugoen-usSun, 24 May 2026 00:00:00 +0000https://maxtsec.com/offsec-pg-hutch-writeup/Sun, 24 May 2026 00:00:00 +0000https://maxtsec.com/offsec-pg-hutch-writeup/<h1 id="offsec-proving-grounds-practice---hutch-writeup">OffSec Proving Grounds Practice - Hutch Writeup</h1> <p>This is my writeup for <strong>Hutch</strong>, a Windows Active Directory machine from OffSec Proving Grounds Practice.</p> <p>Compared with my previous AuthBy writeup, this lab was more focused on <strong>Active Directory enumeration and privilege escalation</strong>. The most important lesson was that a domain compromise does not always start with an exploit. In this case, the attack path came from careful LDAP enumeration, credential discovery, BloodHound analysis, and abuse of LAPS read permissions.</p>