Myles Nieman
← All writeups

ADCS

4 writeups

PingPong

Insane

An assumed-breach scenario starting with domain credentials for c.roberts; initial BloodHound enumeration of ping.htb identifies ADCS as a potential …

Windows

Logging

Medium

Readable SMB log share leaks an svc_recovery password (with a year-increment pattern), Generic Write on MSA_HEALTH$ enables shadow credential abuse …

Windows

VulnCicada

Medium

An exposed NFS share leaks domain usernames and a credential hidden inside an image file; the password belongs to Rosie.Powell, whose account is used …

Windows

Overcertified

Easy

An LDAP service account password stored in its own description field enables BloodHound collection and Kerberoasting of the MSSQLSERVER account; MSSQL …

Windows