HTB Active Writeup — Kerberoasting & GPP Passwords (2026)
My first AD box ever. Null session on SMB → GPP password in SYSVOL → Kerberoasting the Administrator → Domain Admin.
Smb
HTB Querier Writeup — MSSQL Exploitation (2026)
SMB guest access → Excel macro with MSSQL creds → Responder hash steal via xp_dirtree → xp_cmdshell → reverse shell.
My Enumeration Workflow — What I Run and Why
The enumeration methodology I use on every box. Port scanning, service enumeration, and what to check first.