First off huge thanks to IPPSEC for posting this video and doing the heavy work when I started looking into making a private OMI Exploitation lab without hosting it on azure.

At first I ran into SSL issues with the OMI install followed by namespace issues with the SOAP…

With the latest CVE around the print spooler service this is a good time to update my guidance on securing domain controller environments with security hardening policies.

Just for reference at the time of this posting there is an RCE going around with the print spooler service which can be…

Here is another writeup on Chatterbox. This is a retired machine in HTB.

  1. Reconnaissance

An NMAP scan reveals two ports open. 9255 and 9256

A quick google search yields the following exploit DB result:

Next I do a searchsploit for achat software and I get two results for a remote…

This box is on the retired list in hack the box. Here is a walk through on how I got full system privileges in this active directory environment.

Pre-Requisites installations needed in Kali: —

Impacket —

Evil-WinRM — —

Installation walkthrough of prerequisites:


sudo apt install python3-pip

sudo git clone /opt/impacket

This is the first series of domain controllers I was able to compromise in hack the box. At the time of this writing the box has been retired allowing me to post how I did reconnaissance, enumeration, initial foothold, and privilege escalation. …

Here are my notes to make a successful install of Impacket on Kali Linux version 2020. These were taken from

Step by step commands to run in terminal:

sudo apt install python3-pip

sudo git clone /opt/impacket

sudo pip3 install -r /opt/impacket/requirements.txt

sudo python3 ./ install

The NSA and FBI had an excellent joint write up on Russian Drovorub Malware on 8/13.


So for defenders what should you be doing with your internet facing Linux servers?

The NSA offers the following mitigation strategies:

  1. Apply Linux Updates
  2. Prevent Untrusted Kernel Modules (Ex. Activate UEFI/Secure boot)

This is my walkthrough on how to get started with bloodhound in Kali Linux

Open up terminal in Kali and type the following command:

sudo apt install bloodhound

After you select yes to install and the installation completes we will need to change the default passwords on the neo4j console…

I’ve gotten into kerberoasting lately and thought this would be a good opportunity to talk about auditing your SPN’s and encryption types in your environment. …

There is a wealth of information that is stored in AAD. Email addresses, telephone numbers, group memberships, physical contact info, job titles. It even has pictures of employees. Just some thoughts and recommendations of limiting access:

  1. Restrict access to the Azure AD Administration portal.

To access AAD type Azure Active…

Root ♊

It's 2016 and all I found was Toilets running Telnet...using shodan

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store