Overview Data is an easy linux box with only two open ports. We have SSH and a Grafana instance on port 3000. It runs on an old version of grafana, version 8.0 which is susceptible to unauthorized...

Summary Enumeration We start with nothing, but we try an nmap scan. # Nmap 7.97 scan initiated Wed Jul 16 10:51:45 2025 as: nmap -vv -sCV -oA nmap/certificate -Pn -T4 --min-rate 1000 -p- 10.10.1...

Overview This is an older box that’s on ippsec’s unofficial CPTS playlist. So I won’t be revealing anything too new here, but I found this box to be particularly good because of how many things you...

I have recently gone through Ippsec’s unofficial CPTS prep list in order to well-round myself before taking the exam. My methodolgy for this was simple, attempt the box, if I get stuck for over an...

Overview This is an Easy windows box that focuses on a newer CVE and something HackTheBox has been issuing more of which is covering Certificate Services. The main requirement of this box that I’d...

Kudos This is by far the single most educational box I’ve encountered on HTB for deailing with nuances of Active Directory and Kerberos. The general idea of what to do is almost evident from the fi...

Overview Now, I’ve done a few boxes so far in Hack The Box and I’ve occasionally had to use kerberos to get a ticket. And it was a realm (yeah, I did that) of complete fuzziness for me as to how t...

Overview I decided to undertake the Cloud Resume Challenge. I’ve deployed a few things to the cloud and made a full bash deployment script for a website that pushes it to Cloudfront and does all t...

Overview I have been humbly trying to learn Terraform locally because provisioning cloud resources is a costly endeavour. And trying to learn a tool that is primarily for cloud usage on a local en...

HTB Planning Table of Contents Overview Enumeration Initial Foothold Privilege Escalation Remediation Overview Scope IP Addresses: 10.10...