Attack Paths

SEARCH

CATEGORIES

TAGS

    Attack Paths

    Veeam CVE Leads to Full Compromise

    July 26, 2023
    Low-Level Vulnerability Leads to Domain Compromise
    Read More →
    Attack Paths

    You Can’t Manage Risk if You Lack Context

    June 29, 2023
    Low-Level Vulnerability Leads to Domain Compromise
    Read More →
    Attack Paths

    Hack The Box – Mirai

    December 6, 2021
    NodeZero compromised HTB’s Mirai machine by using default SSH creds for user pi, then escalated to root via unrestricted sudo access—gaining full control.
    Read More →
    NodeZero vs Mirai
    Attack Paths

    Hack The Box – Jerry

    September 16, 2021
    The Jerry machine from the Hack The Box platform nicely illustrates the danger of weak and default credentials.
    Read More →
    NodeZero vs Hack-the-Box Jerry
    Attack Paths

    Hack The Box – Active

    September 5, 2021
    NodeZero compromises the "Active" machine on Hack The Box by chaining classic Active Directory vulnerabilities: GPP password exposure, Kerberoasting, and CVE-2020-1472 (ZeroLogon). This advanced walkthrough builds on earlier feedback and demonstrates multiple escalation paths to Domain Admin.
    Read More →
    NodeZero vs Hack the Box Active
    Attack Paths

    Hack the Box – Blue

    August 27, 2021
    NodeZero exploited EternalBlue on HTB’s Blue machine to gain system access and dump credentials, showing the risk of unpatched SMB vulnerabilities.
    Read More →
    NodeZero vs Hack-the-Box Blue