More results...
Cybersecurity startup Terra Security has raised $8 million in seed funding from SYN Ventures, FXP Ventures, and Underscore VC.
The post Terra Security Raises $8M for Agentic AI Penetration Testing Platform appeared first on SecurityWeek.
Chained privilege escalation on an AD environment via misconfigured permissions β no CVEs, just clever abuse of default rights. From Olivia to Emily to Ethan, we pivoted through user relationships using BloodHound, CrackMapExec, Kerberoasting, and WinRM access. Highlighting how overlooked configurations can lead to full domain compromise.
#ActiveDirectory #PrivilegeEscalation #BloodHound #Kerberoasting #HackTheBox #RedTeam #CyberSecurity #WindowsPentest
The post Hack The Box: Administrator Walkthrough Medium Difficulty appeared first on Threatninja.net.
Successfully demonstrated advanced cybersecurity skills by exploiting a Ghost CMS vulnerability (CVE-2023-40028) to access sensitive credentials and secure the user flag. Identified and leveraged a sudo misconfiguration with the CHECK_CONTENT variable to escalate privileges and retrieve the root flag from /root/root.txt. Thrived in this hands-on challenge, sharpening penetration testing expertise! #HackTheBox #Cybersecurity #EthicalHacking #PenetrationTesting #CTF
The post Hack The Box: LinkVortex Machine Walkthrough Easy Difficulty appeared first on Threatninja.net.
Packed with real-world scenarios, hands-on techniques, and insights into widely used tools, the third edition of the bestselling Ultimate Kali Linux Book offers a practical path to learning penetration testing with Kali Linux. About the author Glen D. …
APTRS is an open-source reporting tool built with Python and Django. Itβs made for penetration testers and security teams who want to save time on reports. Instead of writing reports by hand, users can create PDF and Excel files directly in the tool. A…
The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! ππ»
#HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking
The post Hack The Box: Ghost Machine Walkthrough β Insane Difficulty appeared first on Threatninja.net.
The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! ππ»
#HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking
The post Hack The Box: Ghost Machine Walkthrough β Insane Difficulty appeared first on Threatninja.net.
The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! ππ»
#HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking
The post Hack The Box: Ghost Machine Walkthrough β Insane Difficulty appeared first on Threatninja.net.
In a significant update to the popular dynamic instrumentation toolkit Frida, developers have introduced powerful new APIs for advanced threat monitoring and software analysis. These enhancements, released on April 4, 2025, offer security researchers a…
Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It’s made for penetration testers, CTF players, bug bounty hunters, researchers, defenders, and both new and experienced users. Exegol…