Latest posts

Windows debugging - Analyzing a BSOD crash dump

We have all seen at least once a blue screen of death (BSOD) on Windows. But what is happening exactly? Where is the crash information? How to analyze them?

Apr 20, 2023 in Articles
Windows Services passwords stored in the LSA

Windows services often run with a specific account, but where and how are the passwords of the service stored? How to extract them?

Apr 06, 2023 in Articles
Useful LDAP queries for Windows Active Directory pentesting

We will see a few common queries to find useful information in LDAP during a Windows Active Directory pentest.

Apr 02, 2023 in Articles
Windows Security Questions stored in the LSA

Windows account security questions are a good way to recover your password. Where and how are they stored? How to extract them?

Oct 04, 2022 in Articles
Windows Hardening - Disabling the Print Spooler

Windows Print Spooler is a service with many vulnerabilities. In this we will see 3 methods to disable this service.

Aug 06, 2022 in Articles
Active Directory Sites and Subnets enumeration

Enumerating Active Directory sites and subnets is an important part of the enumeration phase. We will see how to extract them from Windows and linux.

Jul 23, 2022 in Articles
EC2 & RootMe - Challenge réaliste Escalate Me

Writeup du challenge réaliste Escalate Me proposé par la plateforme RootMe à l'European Cyber Cup 2022 à Lille.

Jun 10, 2022 in CTF Writeups
CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php

LimeSurvey v5.3.9 and below allows attackers to include javascript or HTML code in the config.xml file of a plugin.

May 25, 2022 in CVEs
Exploiting Windows Group Policy Preferences

In this article, we will see how to decrypt encrypted passwords in Group Policy Preferences (GPP), and stored in SYSVOL.

May 20, 2022 in Articles