A Linux web machine built around font processing tools — leaking source code leads to credentials, and a chain of vulnerabilities in font libraries carries the attack from initial access all the way to root.

This module covers file transfer techniques leveraging tools commonly available across all versions of Windows and Linux systems.

A Linux machine running two vulnerable surveillance applications — a SQL injection in ZoneMinder leads to credentials, and an authenticated RCE in motionEye is leveraged to set a SUID bit and escalate to root.

A Windows Active Directory machine that chains Pre-Windows 2000 misconfigurations, gMSA credential abuse, NTLM relay with RBCD, and SPN manipulation to pivot from a low-privileged domain account all the way to Domain Admin.

A classic retired Windows machine that chains anonymous FTP write access with an unpatched kernel vulnerability to achieve full system compromise.

This module equips learners with essential web reconnaissance skills, crucial for ethical hacking and penetration testing. It explores both active and passive techniques, including DNS enumeration, web crawling, analysis of web archives and HTTP headers, and fingerprinting web technologies.

Introinformation gathering using active (scans) and passive (use of third-party providers) methods. Enumeration Mythology Infrastructure Based EnumerationDomain Informationpassivel…

A Linux machine where an XSLT stylesheet processor accepts attacker-controlled input — and the ability to write arbitrary files, combined with a scheduled task and a vulnerable system utility, leads to root.

A Windows domain controller where SQL Server impersonation exposes a cracked hash — and a recently disclosed Active Directory attack against delegated service accounts enables a complete domain takeover.

A healthcare integration platform exposes an unpatched RCE, but cracking a non-standard password scheme is only the halfway point — getting to root means finding the flaw hidden inside a server that claims to be safe.