Knowledge Base
Security reports, CTF walkthroughs, and research I've documented along the way.
Full Active Directory attack chain: blind LDAP injection to extract credentials, NTLM relay via malicious ODT, shadow credentials abuse, AD CS enrollment agent exploitation, and S4U2Proxy delegation to achieve domain admin.