Writeups from hands-on labs: CloudGoat, Hack The Box, and similar environments. For all posts, see the full blog index.
CloudGoat (cloud_breach_s3) walkthrough
Exfiltrating cardholder data from S3 by abusing IMDSv1 and a misconfigured EC2 reverse proxy — CloudGoat scenario walkthrough.
SNS_Secrets (CloudGoat): API Key Exposure via SNS Topic Subscription
Exposing an API Gateway key through a publicly subscribable SNS topic and pivoting to enumerate a protected endpoint in CloudGoat.
Exploiting Secrets in Elastic Beanstalk (CloudGoat - beanstalk_secrets)
Starting from a low-priv IAM user, this CloudGoat scenario shows how leaked Beanstalk environment credentials can chain into IAM privilege escalation and...
Dream Job
Sherlock challenge notes on Operation Dream Job, mapping Lazarus tradecraft with MITRE ATT&CK and IOC enrichment using VirusTotal.
Chemistry
HackTheBox Chemistry walkthrough: CIF parser code execution to foothold, credential recovery from SQLite, and local aiohttp path traversal to root flag.
Certified
HackTheBox Certified walkthrough: starting from a low-priv AD user, abusing ACL/ownership and ADCS misconfigurations to obtain administrator access.
Bastion
HackTheBox Bastion walkthrough: anonymous SMB backup access, offline SAM hash cracking, credential recovery from mRemoteNG config, and administrator WinRM access.
Nest
HackTheBox Nest walkthrough: SMB share abuse, credential decryption from app configs, HQK debug access, and privileged account compromise.
Archetype
HackTheBox Archetype walkthrough: anonymous SMB backup leak to MSSQL access, command execution via xp_cmdshell, and administrator credential recovery from PowerShell history.