Pentesters

NodeZero compromises the "Active" machine on Hack The Box by chaining classic Active Directory vulnerabilities: GPP password exposure, Kerberoasting, and CVE-2020-1472 (ZeroLogon). This advanced walkthrough builds on earlier feedback and demonstrates multiple escalation paths to Domain Admin.

The engineering team has been working tirelessly to improve the "what to wow" user experience, add more attack content, add indicators of best practices and improve analytical insights. Our engineering team focused on these categories based on two observations from customer engagements:

NodeZero exploited EternalBlue on HTB’s Blue machine to gain system access and dump credentials, showing the risk of unpatched SMB vulnerabilities.