The well-documented Extra-SID attack uses the child krbtgt hash and routes through the child KDC. There's a second path that bypasses the child KDC entirely, using the inter-realm trust account hash to forge the referral ticket directly.
Published on March 15, 2026
How joining a Hack The Box team turned occasional box solving into consistent competition, first blood, and a spot at the top of the leaderboards
Published on February 17, 2026
Why 'just for testing' changes create real attack paths, and how attackers are always watching for that brief window of opportunity
Published on February 16, 2026
The highs and lows of penetration testing - from achieving first blood on Hack The Box to being humbled by the next release
Published on January 27, 2026
Why banning Raspberry Pi and Flipper Zero at NYC's mayoral inauguration while allowing smartphones and laptops is textbook security theater
Published on December 31, 2025