https://le0pard.vercel.app/blog en-us Leopardplaysctf@gmail.com (Yasir Mehmood) Leopardplaysctf@gmail.com (Yasir Mehmood) Mon, 24 Nov 2025 00:00:00 GMT https://le0pard.vercel.app/blog/HTB-Mirage-Writeup https://le0pard.vercel.app/blog/HTB-Mirage-Writeup Initial SMB share revealed reports with usernames & DNS misconfig. Performed MITM via DNS, stole NATS creds, found domain user. Kerberoasted to initial shell. Escalated using Winlogon creds, ACE ForceChangePassword, ReadGMSAPassword. Exploited ESC10 & RBCD to DCSync and get SYSTEM. Mon, 24 Nov 2025 00:00:00 GMT Leopardplaysctf@gmail.com (Yasir Mehmood) ALL BLOGSHack-The-BoxPentestingMachinesWriteupSeason-8WindowsHardActive-DirectoryBloodhoundNATS-ServerMITMRID-Brute-ForceAD-CSKerberoastingWinlogonACLsACEsForceChangePasswordReadGMSAPasswordESC10RBCDS4U