Blog

TombWatcher is a Windows Active Directory box that involves lateral movement through multiple user accounts, Kerberoasting, shadow credential attacks, and certificate template abuse. We will perform BloodHound enumeration, set a service principal name for Alfred, Kerberoast to obtain Alfred’s hash, then leverage GenericAll permissions to manipulate SAM, John, and CERT_ADMIN accounts, finally using ESC1 vulnerability to request a certificate as the domain administrator.

Hi, here are the writeups for the challenges I’ve made for the Military CTF 2025

I found a way to use GPU in your QubesOS VMs. Now cracking/rendering on Qubes might be more realistic than ever.

This is a repost of a beautiful parulin’s post with minor additions. Helpful if your phone doesn’t mount to the VMs using standard options