Pentesting

Day Five covers key AD admin tasks - user and group creation, GPO management, and domain joins—using PowerShell with a security-focused approach.

This post digs into Group Policy, Active Directory privileges, and built-in groups. I break down who has silent power, how attackers exploit User Rights, and what defenders can do to lock it down. Expect practical cheatsheets, tools, and battle-tested hardening tips.

An in-depth and hands-on walkthrough on spotting and exploiting Local File Inclusion (LFI) — from classic payloads to modern bypasses, straight from HTB Academy labs.

Cracked the UnderPass HTB box by skipping dead ends, abusing SNMP leaks, and turning mosh-server into a root shell with zero password — here is how.