I built a CLI tool for Hack The Box automation in November 2025 and have been finding and patching small issues ever since. Today it finally hits v1.0.0.
Published on April 13, 2026
The well-documented Extra-SID attack uses the child krbtgt hash and routes through the child KDC. There's a second path that bypasses the child KDC entirely, using the inter-realm trust account hash to forge the referral ticket directly.
Published on March 15, 2026
How joining a Hack The Box team turned occasional box solving into consistent competition, first blood, and a spot at the top of the leaderboards
Published on February 17, 2026
Why 'just for testing' changes create real attack paths, and how attackers are always watching for that brief window of opportunity
Published on February 16, 2026
The highs and lows of penetration testing - from achieving first blood on Hack The Box to being humbled by the next release
Published on January 27, 2026