HackTheBox: CCTV

Written by

Arbaaz Jamadar

Cloud Security & Application Security Engineer · OSCP · AWS Security Specialty · Master’s in Cybersecurity, University of Maryland

Note

Feel free to reachout on LinkedIn and all my socials in case you need help with the challenge. The full writeup will be released after the box is retired.

Wiz The Ultimate Cloud Security Championship: Split Horizon

Kubernetes CTF writeup: pivoting from a low-privilege bastion into a hidden cluster service by manually joining a Flannel VXLAN overlay network, bypassing pod network isolation, and discovering an internal endpoint via reverse DNS sweeps against CoreDNS.

HackTheBox: PingPong

HackTheBox Season 10 PingPong writeup: cross-forest Active Directory compromise from a low-privileged user to Domain Admin via ADCS ESC4, gMSA credential reading, RBCD, SeImpersonatePrivilege/GodPotato, DCSync, and JEA constrained-language bypass.

HackTheBox: Logging

HackTheBox Season 10 Logging writeup: unauthenticated AD enumeration, shadow-credential abuse to reset msa_health for the initial foothold, DLL hijacking on UpdateMonitor for lateral movement, and ADCS ESC1 + WSUS abuse for Domain Admin.

HackTheBox: Pirate HackTheBox: VariaType

HackTheBox: CCTV

Note

Related Articles