All Walkthroughs

Browse through our comprehensive collection of CTF walkthroughs and security writeups

Showing walkthrough

Fluffy - HackTheBox
HackTheBox Easy
Jan 16, 2026 15 min read

Fluffy - HackTheBox

Easy-difficulty Windows Active Directory box featuring CVE-2025-24071 SMB coercion for initial access, Shadow Credentials attacks via GenericWrite abuse for lateral movement, and ADCS ESC16 exploitation for privilege escalation to Domain Admin.

#Active Directory #BloodHound #CVE-2025-24071 #Certificate Abuse #ESC16
Read more