Myles Nieman
← All writeups

Kerberos

2 writeups

Ghost

Insane

LDAP injection on a Next.js intranet leaks a service-account secret that unlocks Gitea; a custom Ghost CMS file-read exposes an RCE dev key; from …

Windows

Succession

Easy

Given SSH credentials for david.smith, BloodHound and netexec confirm the BadSuccessor (dMSA delegation abuse) primitive; SharpSuccessor creates a …

Windows