Playbooks

The list, the gist, the playbooks aka quick little guides supposed to help you figure things out faster than me.

2025

What's Cracking? Oh, must be your KeePass password!
·815 words·4 mins
Red Team Security Black Hat Go
Recently, I found myself stumbling upon a .kdbx (KeePass Database) file as part of a backup in a CTF and needed to crack the password to gain access to the secrets contained and consequently elevate my privileges. The problem was that I couldn’t get the hash in the right format for cracking it with john: unsupported database file version (4). So, I built keepass-rush to do so myself.
Privilege Escalation via DPAPI
·672 words·4 mins
Red Team Security Windows
DPAPI can be useful in situations where you have gained an initial foothold on a Windows host and are seeking to escalate your privileges. More specifically, we are talking about scenarios where your initial access user shares their home folder with a privileged account. This setup is commonly found in Active Directory contexts, when a single person operates with 2 distinct users, 1 for their everyday work and another one for dedicated administrative actions, such as managing other users and groups, that require elevated privileges.