OffSec Proving Grounds Practice - Resourced Writeup

A writeup for the Resourced lab, covering SMB enumeration, credential discovery, NTDS dumping, WinRM access, BloodHound analysis, and Resource-Based Constrained Delegation.

May 31, 2026 · 6 min · Max Tse

OffSec Proving Grounds Practice - Jacko Writeup

A writeup for the Jacko lab, covering H2 Database exploitation through JNI, reverse shell access, Windows enumeration, and privilege escalation using SeImpersonatePrivilege.

May 27, 2026 · 6 min · Max Tse

OffSec Proving Grounds Practice - Hutch Writeup

OffSec Proving Grounds Practice - Hutch Writeup This is my writeup for Hutch, a Windows Active Directory machine from OffSec Proving Grounds Practice. Compared with my previous AuthBy writeup, this lab was more focused on Active Directory enumeration and privilege escalation. The most important lesson was that a domain compromise does not always start with an exploit. In this case, the attack path came from careful LDAP enumeration, credential discovery, BloodHound analysis, and abuse of LAPS read permissions. ...

May 23, 2026 · 10 min · Max Tse

OffSec Proving Grounds Practice - AuthBy Writeup

OffSec Proving Grounds Practice - AuthBy Writeup This is my writeup for AuthBy, a Windows machine from OffSec Proving Grounds Practice. I found this machine quite useful because the attack path was not just about scanning and running a public exploit. The chain started from FTP enumeration, moved into credential discovery, then web access, initial foothold through a PHP reverse shell, and finally Windows privilege escalation. The overall attack path was: ...

May 19, 2026 · 9 min · Max Tse