Azure AD Connect misconfiguration leading to credential extraction and domain compromise.

Active Directory machine demonstrating username generation, AS-REP Roasting, AutoLogon credential discovery, and DCSync-based domain compromise.

Classic Active Directory machine demonstrating GPP credential exposure leading to Kerberoasting and domain compromise.

Windows machine demonstrating Gitea access token exposure, repository-backed web deployment, mRemoteNG credential recovery, and PDF24 local privilege escalation.

Windows machine demonstrating macro-based phishing, hMailServer database credential recovery, lateral movement over RDP, and Veeam Backup exploitation.

Windows machine demonstrating phishing through a malicious LibreOffice document, IIS web root abuse, SeImpersonatePrivilege, and local administrator access through GodPotato and RunasCs.

Windows kiosk-style machine demonstrating RDP access, file-system browsing through Edge, binary restriction bypass via renaming, password recovery from Remote Desktop Plus, and GUI-based UAC elevation.

Linux machine demonstrating Grafana arbitrary file read, Grafana credential cracking, SSH access, and Docker privileged container abuse.

Linux machine demonstrating anonymous rsync access, salted MD5 cracking, FTP-based SSH key placement, password reuse, and cronjob abuse.