Three (3) new exclusive Machines landed in Dedicated Labs, focusing on CVE exploitation, Privilege Escalation, NTLM Relaying & SQL Server Abuse, and more!

Cup

Learn how to exploit multiple vulnerabilities in the CUPS printing system, from initial foothold via a crafted request to privilege escalation through remote printer creation. You’ll leverage these flaws for lateral movement, obtaining full system privileges by exploiting various CVEs and insecure configurations.

Slashed

Explore how an Apache Web Server vulnerability (CVE-2024-38472) leaks NTLMv2 hashes, which can then be relayed to escalate privileges via Microsoft SQL Server, showcasing the dangers of credential exposure and improper authentication mechanisms.

Peeps

Learn how to exploit an Apache ACL bypass vulnerability to gain SSH access with leaked credentials, and then see how Docker group access can be abused for privilege escalation, emphasizing the importance of securing access controls and container permissions.

We've reached the finale of our six-part series on detecting Active Directory attacks, and the final two (2) Sherlocks are now live!

Here’s how these new scenarios will prepare you to handle real-world Active Directory threats:

CrownJewel-1: This Sherlock focuses on detecting NTDS.dit dumping. You’re tasked to analyze event logs and the Master File Table (MFT) to respond to an attack using the vssadmin utility, sharpening your incident response skills.

CrownJewel-2: In this scenario, the focus remains on detecting NTDS.dit dumping, but with a twist - here, the attacker employs the ntdsutil utility. By analyzing event logs, you’ll practice the necessary steps to respond effectively to this specific attack vector.

To streamline team training, we’ve launched a new Path in Dedicated Labs that bundles all six Sherlocks, making it easy for managers to upskill their teams in one go.

And for those looking to dive even deeper into NTDS.dit dumping attacks, check out our latest blog post for additional insights and tips.