/tags/activedirectory/ Recent content in Activedirectory on Valentin's Blog Hugo en Tue, 07 Apr 2026 00:00:00 +0000 /posts/fluffy/ Tue, 07 Apr 2026 00:00:00 +0000 /posts/fluffy/ <p><img src="/posts/fluffy/fluffy.png" alt="fluffy"></p> <p>Fluffy is an Easy-rated Windows machine and my first box from the new CPTS Preparation Track on HackTheBox. It&rsquo;s a great box if you want to get hands-on with modern Active Directory attacks. We start from an assumed-breach perspective, inject a crafted .library-ms file via an SMB share to harvest NTLM hashes, and continue by abusing Generic Write privileges through Shadow Credentials. The final step to Domain Takeover is exploiting an AD CS ESC16 vulnerability.</p>