I’m officially CRTP certified!

I would like to express my gratitude to Nikhil Mittal and the Altered Security team for delivering this great certification and course. The exceptional support they provided throughout the entire journey was truly impressive. Here is the link:

https://www.credential.net/9b36a171-479b-4885-b1c1-792528a07269#acc.ZcH7lUSE

What Is CRTP?

Machine Information

• Difficulty: Medium
• Key Concepts: Kerberoasting, LDAP Enumeration, BloodHound Analysis, Active Directory Privilege Escalation, Deleted Object Recovery, ADCS ESC15 Vulnerability

Overview

TombWatcher is a Medium Windows machine from HackTheBox that demonstrates a complex Active Directory attack path involving Kerberoasting, group membership manipulation, GMSA password extraction, ownership changes, recovering and restoring deleted AD objects, and ultimately exploiting an ADCS vulnerability (ESC15) to achieve domain administrator privileges.