Playbooks

The internet is divided, one half has gone full-blown Coding Agent Mode, adamant not to touch any code ever again and the other half is skeptic AF and trying to convince everyone that AI generated code still mostly sucks. So, this is just me trying to see for myself and sharing my experience after my first actually successful result from Vibe Coding or Agentic Engineering or whatever.

A great team of developers, engineers or tech teams in general runs on more than just code – it runs on shared principles, or call it culture if you will. Those are the factors that will determine whether a team will succeed, namely constantly deliver good results, or fail in the long run.

Recently, I found myself stumbling upon a .kdbx (KeePass Database) file as part of a backup in a CTF and needed to crack the password to gain access to the secrets contained and consequently elevate my privileges. Problem was, that I couldn’t get the hash in the right format for cracking it with john: unsupported database file version (4). So, I built keepass-rush to do so myself.

DPAPI can be useful in situations when you got an initial foothold on a Windows host and are seeking to escalate your privileges. More specifically, we are talking a scenarios where your initial access user shares their home folder with a privileged account. This is a setup that is commonly found in Active Directory contexts, when a single person is operating with 2 distinct users, 1 for their everyday work and another one for dedicated administrative actions such as managing other users & groups that required elevated privileges.