Lab Writeups
Detailed walkthroughs and technical reports from HackTheBox and TryHackMe challenges demonstrating penetration testing, Active Directory exploitation, and digital forensics skills.
Breaching Active Directory
Full red team assessment demonstrating multiple independent attack paths to obtain AD credentials: NTLM password spraying, rogue LDAP server deployment, NetNTLMv2 capture via Responder, MDT PXE boot credential extraction, and McAfee Agent database exploitation.
Forest & Active – AD Attack Paths
Comprehensive attack path assessment across two AD domains. Demonstrates AS-REP roasting, GPP credential extraction, Kerberoasting, BloodHound graph analysis, DCSync abuse, and full domain compromise from unauthenticated network access to Domain Admin.
UltraVNC Backdoor – DFIR Analysis
Sysmon-only forensic investigation of a trojanized UltraVNC installer delivered via Dropbox. Complete incident timeline reconstruction including initial execution, file creation, timestomping, network C2 communication, and persistence mechanisms.
CMMC Level 2 POA&M Case Study
Sanitized case study from a mid-sized defense contractor CMMC Level 2 engagement. Documents control-by-control assessment across all 14 CMMC domains, gap analysis, policy + SOP stack design, and POA&M tracking for a complete compliance program buildout.
SOC Case Study – Adversary Simulation
Controlled adversary simulation in a homelab environment. Simulated RDP brute force, persistence via scheduled tasks, and C2 beaconing. Demonstrates full SOC workflow: detection via Wazuh/Sysmon, investigation, detection rule creation, remediation, and playbook development.