Sep 26, 2025
Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The Tuesday TOOLSday video we did over at 7minsec.club will help bring this to life as...
Sep 19, 2025
This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning Ninja Hacker Academy. To review where we’ve been in parts 1 and 2:
- We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info
- From that dump, we used the SQL box hash to do a...
Sep 12, 2025
Happy Friday! Today’s another hot pile of pentest pwnage. To make it easy on myself I’m going to share the whole narrative that I wrote up for someone else:
I was on a pentest where a DA account would sweep the networks every few minutes over SMB and hit my box. But SMB signing was on literally everywhere. The fine...
Sep 5, 2025
Holy schnikes, today might be my favorite tale of pentest pwnage ever. Do I say that almost every episode? yes. Do I mean it? Yes. Here are all the commands/links to supplement today’s episode:
- Got an SA account to a SQL server through Snaffler-ing
- With that SA account, I learned how to coerce Web auth from within a...