Martin Mielke @xct_de Twitter profile

Last Seen Profiles

@juliamunropc

@DrugAngel_vrc

@5k97ZAjWm9fTiWc

@MumbaiFilmFest

@xxxEvangelina

@ingnl

@akvarellyoga

@Rayan10_77

@thatsme525

@1020_yin

@soymilk_o0

@boazhepner

@tFrN7FdyiV12258

@AngeliqueRewers

@Ad_Tel_210168

@ryan_mackley

@Aggron14

@zorte_a

@127_ifind

@Claydon_High

@moragooyoo

@Drmysterious6

@y3n1__

@aryeha

@ccasGU

@BinorRaja

@RBlyskye7

@miaomiaolllk

@JackermanDev

@cukienaknikmati

@WESTorg

@PureeeMiyuu_

@Coco_Cat38

@FreeWebTurkey

@pmwQSfD09Lu7K

@Miracle_Obioma

Martin Mielke

@xct_de

2 years

Had some time to solve Midenios from the HTB Business CTF last week - a great challenge to get started with Firefox exploitation. Here is my writeup:

Browser Exploitation: Firefox OOB to RCE • Vulndev

In this post, we will exploit Midenios, a good introductory browser exploitation challenge that was originally used for the HackTheBox Business-CTF. I had some experience exploiting IE/Edge/Chrome...

vulndev.io

2

128

487

Martin Mielke

@xct_de

2 years

I spent the last few months on windows exploitation and finally got my OSEE . Thank you @offsectraining !

OffSec Exploitation Expert (OSEE) • Martin Mielke • Cybersecurity Training Badges from OffSec

Home of digital credentials

www.credential.net

28

26

414

Martin Mielke

@xct_de

4 years

I just passed my OSEP exam! I really enjoyed this course. A lot of good content about AV evasion & AD exploitation and good challenge labs to practice on (plan some time for these, they take a while to finish). OSED next🙂 #offsec @offsectraining

27

11

370

Martin Mielke

@xct_de

2 years

Uploaded some kernel exploits & resources I used to practice - mainly targetting HEVD from @HackSysTeam on Win10x64.

GitHub - xct/windows-kernel-exploits: Some of my windows kernel exploits for learning purposes

Some of my windows kernel exploits for learning purposes - xct/windows-kernel-exploits

github.com

2

85

243

Martin Mielke

@xct_de

9 months

That's a wrap on Season 3 at @hackthebox_eu - Ranked 1st in both team and individual leaderboards. Big thanks to @ATeamJKR , @snowscan , @macz01590714 , @k0zmer - you guys are the best :)

19

8

239

Martin Mielke

@xct_de

5 years

I just passed my AWAE exam and obtained the OSWE certification! That was a fun challenge - I can recommend the course to anyone interested in finding vulnerabilities in web applications through code review & debugging. #offsec @offsectraining

15

10

191

Martin Mielke

@xct_de

2 years

My first three videos on testing a relatively large, custom active directory environment are out. To get started, check out the first part here:

4

28

132

Martin Mielke

@xct_de

2 years

Great find by @filip_dragovic 🔥! NetrDfsAddStdRoot seems to do the trick too.

Filip Dragovic

@filip_dragovic

2 years

Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service not installed but you still want to relay DC authentication to ADCS? Don't worry MS-DFSNM have your back ;)

30

531

1K

1

27

130

Martin Mielke

@xct_de

3 years

I just received a lovely email from @YouTube that one of my @hackthebox_eu walkthroughs violates the "harmful and dangerous policy". Put some effort into writing an appeal, which got rejected in under a minute after sending it. Nice. Does anyone have experience dealing with this?

18

15

108

Martin Mielke

@xct_de

4 years

After working through #BlackHatGo (awesome book!), I built a small windows reverse shell. Maybe someone finds it useful: .

GitHub - xct/xc: A small reverse shell for Linux & Windows

A small reverse shell for Linux & Windows. Contribute to xct/xc development by creating an account on GitHub.

github.com

4

31

101

Martin Mielke

@xct_de

2 years

Red Team Ops II ✔️ Another excellent course by @zeropointsecltd .

2

5

91

Martin Mielke

@xct_de

10 months

Reported a LPE on the Linux version of Papercut NG about 6 months ago. Still doesn't seem to be fixed on the current version (23.0.3). Here are the details:

Papercut Privilege Escalation

Papercut Privilege Escalation. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

0

20

83

Martin Mielke

@xct_de

5 months

@vulnlab_eu @offensive_con Might record a walkthrough for this one if enough people are interested :) I realize it's a pretty niche topic though.

7

0

74

Martin Mielke

@xct_de

3 years

Proper retired today on HackTheBox. @ATeamJKR and I had a lot of fun creating this box and watching the community solve it. It has SQLi, RFI, TOC/TOU, Golang Reversing & an Arbitrary File Write as SYSTEM. Here is my writeup & video of the box:

2

14

72

Martin Mielke

@xct_de

2 months

This is somewhat similar for domain-joined ubuntu machines - if you can create the AD group "admin" and use_fully_qualified_names is set to false in sssd.conf, you will be able to sudo to root due to the default "%admin ALL=(ALL) ALL" sudoers entry.

Sean Metcalf

@PyroTek3

2 months

In today's WTF?!?!? moment When a ESXi server is domain-joined, it assumes any "ESX Admins" group & its members should have full admin rights. So.... anyone who can create & manage a group in AD, can get full admin rights to the VMware ESX hypervisors!

43

430

2K

2

18

73

Martin Mielke

@xct_de

2 years

Another blood for TheATeam after @macz01590714 blooded the challenge on Friday 🎉 Cool box by @irogirctf & @TheCyberGeek19 . #hackthebox

Owned Derailed from Hack The Box!

I have just owned machine Derailed from Hack The Box

www.hackthebox.com

6

2

69

Martin Mielke

@xct_de

3 years

Attended was a pretty tricky OpenBSD machine on #HackTheBox . We get RCE via Vim, write a simple HTTP reverse shell and exploit a custom OpenBSD binary for root. Thanks, @ATeamJKR & @macz01590714 , for going over the details on this one again with me!

4

14

60

Martin Mielke

@xct_de

2 years

If you are working through the Shinra Labs or are just interested in Active-Directory Pentesting, check out my 9-part series from External to DA.

Vulnlab | Shinra: And So It Begins - SQLi, Command Injection & Hash...

This is the first video of a series about Shinra, a virtual company in a private red team lab. We will conduct a full pentest on Shinra and explore various t...

www.youtube.com

1

9

57

Martin Mielke

@xct_de

4 years

I recently started to create short videos on #HackTheBox machines. Here is my current one on Traverxec, a nice and easy linux box by @ATeamJKR :

HackTheBox - Traverxec

Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the passphrase of an ssh private key a...

www.youtube.com

2

14

55

Martin Mielke

@xct_de

1 year

I'm starting a new video series on pentesting the new lab (Wutai). In the first one, we'll start from the perspective of an unauthenticated, external attacker and will mainly focus on enumeration and getting initial access.

Vulnlab | Wutai: Initial Enumeration, Password Spraying & Getting...

This is part 1 of the Wutai series. From an unauthenticated perspective we enumerate the external perimeter & the internal network via an open squid proxy. W...

www.youtube.com

0

15

52

Martin Mielke

@xct_de

4 years

We just got both bloods on Reel2 :) Thanks @snowscan @ATeamJKR @InfoSecJack ! Really awesome box by @cube0x0 ! @hackthebox_eu

2

1

48

Martin Mielke

@xct_de

5 years

Automatic exploit generation for simple linux pwn challenges:

GitHub - xct/ropstar: Automatic exploit generation for simple linux pwn challenges.

Automatic exploit generation for simple linux pwn challenges. - xct/ropstar

github.com

0

12

41

Martin Mielke

@xct_de

3 years

Pivotapi by @CyberVaca_ & @3v4Si0N was a really enjoyable windows machine on #hackthebox . It involved a lot of small steps, including various active directory attacks & some light reverse engineering. At the end, I'm showing 2 unintended paths.

0

12

45

Martin Mielke

@xct_de

6 months

@RedTeamTactics @hackthebox_eu We do custom hiring challenges via @vulnlab_eu (for red teaming: small realistic environments with a couple of machines). Since those are private there are no writeups :)

1

3

29

Martin Mielke

@xct_de

6 months

On my way to #Zer0Con2024 organized by the wonderful @POC_Crew !

0

1

42

Martin Mielke

@xct_de

3 years

My video on Cereal by @micahvandeusen on #HackTheBox is up. One of my favorite boxes: Code Review, XSS & Deserialization, followed by a local SSRF & SeImpersonate.

XSS, Deserialization & SeImpersonate - Cereal on HackTheBox

We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root,...

www.youtube.com

4

8

38

Martin Mielke

@xct_de

3 years

My video on Bucket which retired today on #HackTheBox . This one was pretty unique, as we got the chance to play with DynamoDB & S3 buckets.

0

7

34

Martin Mielke

@xct_de

4 years

Another first blood for the ATeam on Breadcrumbs🥳 Thanks @snowscan @ATeamJKR @InfoSecJack @macz01590714 . I enjoyed this box by @helich0pper ! @hackthebox_eu #HackTheBox

2

0

37

Martin Mielke

@xct_de

1 year

Next Video on Wutai is up! We are writing a simple, custom shellcode loader and will get a sliver beacon on the initial machine.

0

10

36

Martin Mielke

@xct_de

4 years

New box by @ATeamJKR and me - I hope you enjoy this one! We certainly had fun building it. Although not being able to compete on a new box is a bit annoying for me ;)

Hack The Box

@hackthebox_eu

4 years

Hack it... but keep it clean 😎 Proper #Hard #Windows Machine created by xct & jkr will go live 13 March 2021 at 19:00:00 UTC. Reel2 will be retired! You still have time to hack your way in at: #HackTheBox #CyberSecurity #InfoSec #Hacking

3

18

49

3

1

35

Martin Mielke

@xct_de

2 years

I'm heading to Vegas for #BlackHat - let me know if you want to chat!

8

1

30

Martin Mielke

@xct_de

2 years

Short writeup on a really cool windows challenge from @bluefrostsec for #EKO2022 .

0

9

28

Martin Mielke

@xct_de

3 years

And it happened again: Another one of my videos got removed, and the appeal got rejected seconds after hitting send (must be automated?). @TeamYouTube can you help? This is the third time now in just a few weeks.

2

25

Martin Mielke

@xct_de

5 months

Heading to @offensive_con - happy to be here again 🍷

0

1

23

Martin Mielke

@xct_de

2 years

Exploiting MTS HW Driver via MmMapLockedPages:

SSD Secure Disclosure

@SecuriTeam_SSD

2 years

🚨 New advisory is now out! 🚨 A vulnerability in MTS driver allows local users to write arbitrary data to sensitive areas of the kernel’s memory which can be exploited to gain elevated privileges:

0

13

53

0

8

23

Martin Mielke

@xct_de

1 year

Awesome first training day! Learning about Azure AD Security with @_dirkjan

Cyber Saiyan / RomHack Conference, Training, Camp

@cybersaiyanIT

1 year

#RomHackTraining started this morning Dirk-jan Mollema (Azure AD Security) and Silvio Cesare (Code review) teaching our studends right now 🔥🔥🔥

0

8

30

1

0

21

Martin Mielke

@xct_de

5 months

@c3l3si4n @offensive_con @Binary_Gecko Nice let’s meet :)

0

2

Martin Mielke

@xct_de

4 months

Just booked my flights and tickets for @codeblue_jp ! Can't wait to attend for the first time. See you there!

0

20

Martin Mielke

@xct_de

6 months

💯

Louis Nyffenegger

@snyff

6 months

Too many people fall into the traps of gamification or certification, focusing on the wrong objectives. Your goal should be to learn, not to be at the top of the leaderboard or merely to pass an exam. [1/2]

9

80

353

0

4

19

Martin Mielke

@xct_de

3 years

@247CTF There is a great post by @_xpn_ using Terraform & DSC. I've built my own lab environment based on that one a while ago.

1

16

Martin Mielke

@xct_de

5 years

#OffensiveCon20 has been amazing! Top-notch content - looking forward to next year. Glad to have met @ATeamJKR , @v1p3r0u5 and many others!

1

2

16

Martin Mielke

@xct_de

5 years

Thank you @avast_antivirus for inviting me to @CyberSecAI . I enjoyed the conference and learned a lot!

0

1

15

Martin Mielke

@xct_de

2 years

Solved the YARA challenge from @SquareCTF by using Valgrind to look at execution length😄

SquareCTF 2022 Yara Challenge "Yet Another Reversing Activity"

SquareCTF 2022 Yara Challenge "Yet Another Reversing Activity" - solve.py

gist.github.com

2

7

15

Martin Mielke

@xct_de

4 months

@rayanlecat @x33fcon On the train to Gdynia right now :)

1

3

Martin Mielke

@xct_de

9 months

@sh3llvik @hackthebox_eu This almost never works, but if it does it's great fun :) The only other case I can remember is the "Armageddon" box shortly after Drupalgeddon2.

2

0

13

Martin Mielke

@xct_de

3 years

@offsectraining @ATeamJKR @snowscan @macz01590714 @InfoSecJack

3

0

14

Martin Mielke

@xct_de

3 years

@thecybermentor I have a small YouTube channel with weekly videos on retiring HackTheBox machines. For the future, I was thinking about adding content for other platforms too.

vulnlab

This channel covers red teaming & penetration testing topics by solving vulnerable machines & labs.

www.youtube.com

1

0

13

Martin Mielke

@xct_de

5 years

Good job team :) Had a lot of fun on this one!

excusemewtf

@excusemewtf_ctf

5 years

#metasploitctf just ended and we scored 2nd! Well played everyone! Looking forward to receive our prizes from @metasploit :)

3

5

43

0

12

Martin Mielke

@xct_de

4 years

@hackthebox_eu Good luck - hope you have fun with this one!

0

12

Martin Mielke

@xct_de

6 years

Just finished my short write-up about Ethereal on @hackthebox_eu . Great box by @egre55 and @MinatoTW_ . You can find it here:

0

3

10

Martin Mielke

@xct_de

3 years

Got mine ;-)

offensivecon

@offensive_con

3 years

#Offensivecon22 registration is OPEN! Remember tickets are limited.

0

32

50

0

9

Martin Mielke

@xct_de

3 years

Thank you guys, I talked to @gynvael and he is helping me on this issue. I hope it will be back soon.

0

9

Martin Mielke

@xct_de

2 years

This is going to be interesting 👀

Vulnlab

@vulnlab_eu

2 years

New machine "Dump" is going live today! Thank you @ATeamJKR for creating this machine for Vulnlab! This is already the second jkr box on the platform 🍾

0

1

20

0

1

9

Martin Mielke

@xct_de

3 years

@szymex73 @hackthebox_eu Congrats 🎉

0

8

Martin Mielke

@xct_de

5 years

@0xdf_ @hackthebox_eu Thanks for the great write-up and box! Another way to System is to use CVE-2019-1315 (which I think was published after the box was released).

1

0

7

Martin Mielke

@xct_de

4 years

@egot1sticalSW @TheCyberGeek19 @_felamos No Windows... 😒

1

0

7

Martin Mielke

@xct_de

2 years

After getting DA here, there are still 2 more domains to pwn :)

1

7

Martin Mielke

@xct_de

1 year

Excited for this one, this will be my first RomHack (and first time visiting Italy).

Cyber Saiyan / RomHack Conference, Training, Camp

@cybersaiyanIT

1 year

📢 📢 #RomHack2023 conference agenda is online 📢 📢 We are happy to announce this year’s incredible lineup Ticket sales will start on Monday, 3 July Check the thread #pleaseRT ⬇️ ⬇️ ⬇️

2

22

37

1

0

6

Martin Mielke

@xct_de

2 years

Got mine 🎉 Don't miss it - OffensiveCon is epic!

offensivecon

@offensive_con

2 years

It's time everybody!!! the OffensiveCon23 ticket shop is now open! Get your tickets quickly, as they tend to run out pretty soon.

4

38

88

0

5

Martin Mielke

@xct_de

5 years

Just got back from #44CON - amazing conference! Particularly enjoyed the SAP security training by @jsantarsieri and the heap exploitation workshop by Max Kamper.

2

5

Martin Mielke

@xct_de

5 years

@hackthebox_eu I especially liked chainsaw by @w1zzcap and absolutezero!

1

0

4

Martin Mielke

@xct_de

3 years

@snowscan @ATeamJKR @InfoSecJack @macz01590714 Awesome job guys🥳 Thanks @tiyeuse for building this one!

0

1

5

Martin Mielke

@xct_de

5 years

@martinbydefault @offsectraining Thanks! I think 30 days are enough to work through the course and you could host the vulnerable applications yourself if you run out of lab time.

0

4

Martin Mielke

@xct_de

3 years

@spaceraccoonsec @offsectraining Congrats!

0

4

Martin Mielke

@xct_de

5 years

@ATeamJKR @snowscan @InfoSecJack @hackthebox_eu That was fun!

0

4

Martin Mielke

@xct_de

1 year

Does anyone know a way to modify the "whenChanged" and "whenCreated" attributes of an object (lab env with full access to DC)?

0

2

4

Martin Mielke

@xct_de

4 years

@snowscan @ATeamJKR @InfoSecJack @macz01590714 Congrats 🥳

0

4

Martin Mielke

@xct_de

2 years

@33y0re @Steph3nSims Great stream - thank you!

0

4

Martin Mielke

@xct_de

6 years

Frolic just retired on @hackthebox_eu . Enjoyed the box a lot, thank you @_felamos ! Here is my short write-up:

0

2

4

Martin Mielke

@xct_de

4 years

@watcher_151 I like it. I did most of my stuff in python before and it's not too hard to switch. My favorite thing are definitely goroutines.

1

0

3

Martin Mielke

@xct_de

4 years

@chvancooten @offsectraining Thanks! I don't think I will write a blog post but feel free to reach out on discord, happy to share my thoughts.

2

0

3

Martin Mielke

@xct_de

3 months

@splinter_code Have fun! Reminds me I bought a copy 2 months ago but didn't start it yet..

2

0

3

Martin Mielke

@xct_de

4 years

@qtc_de @ATeamJKR @hackthebox_eu Congrats! Thanks for the feedback - glad you like it :)

0

3

Martin Mielke

@xct_de

1 year

@snowscan See you tomorrow!

0

3

Martin Mielke

@xct_de

7 months

@_xpn_ @SpecterOps Congrats!

0

3

Martin Mielke

@xct_de

3 years

@_CryptoCat Congrats - Love your content!

1

0

2

Martin Mielke

@xct_de

2 years

@farazsth98 Thank you! I really like these posts.

0

1

Martin Mielke

@xct_de

9 months

@thione_diouf @hackthebox_eu @ATeamJKR @snowscan @macz01590714 @k0zmer Hi, I answered your question on Patreon - If you need further help please send a private message.

0

Martin Mielke

@xct_de

1 year

@szymex73 @hackthebox_eu @ziemni_ @snowscan Congrats!

0

2

Martin Mielke

@xct_de

2 years

@Void_Sec @offensive_con See you in Berlin!

1

0

1

Martin Mielke

@xct_de

4 years

@IanColdwater I'd say Reel2 for a challenging active windows box or really any box made by @ATeamJKR

0

2

Martin Mielke

@xct_de

1 year

@gerr_re @Blomster81 @_sickn3ss_ @offsectraining Congrats!

0

1

Martin Mielke

@xct_de

5 years

@SecGus @jsantarsieri Ahh sorry, did not know you were there :)

0

1

Martin Mielke

@xct_de

4 years

@watcher_151 @snowscan @ATeamJKR @InfoSecJack @macz01590714 @helich0pper @hackthebox_eu I kind of lost interest in making them, need to find some motivation again. Glad you like them though!

1

0

1

Martin Mielke

@xct_de

1 year

@33y0re Congrats!

0

1

Martin Mielke

@xct_de

4 years

@AdrianInkblack Sure, I use kali with alacritty & i3-gaps.

0

1

Martin Mielke

@xct_de

2 years

@davidvalles007 Thanks! Yes, I'll create some more on the other domains & some interesting side vectors in the future.

0

1

Martin Mielke

@xct_de

4 years

@NETKLB @ATeamJKR It's an intentionally vulnerable system that will be released on @hackthebox_eu this week, allowing people to practice their hacking skills ;)

1

0

1

Martin Mielke

@xct_de

2 years

@Cyber_Nlnja @offsectraining Thank you! I think it is, AWE is the only 400-level course at the moment.

0

1

Martin Mielke

@xct_de

1 year