An Offensive Security Blog

Notes on red-teaming, Active Directory, and breaking things that should not break.

Sep 18, 2025

Raiding Unraid: XSS to Hypervisor Takeover

Chaining a stored cross-site scripting vulnerability in the Unraid web GUI into full hypervisor host takeover.

XSSVulnerability ResearchWeb App PentestingUnraidSecurity ResearchExploit Development
Nov 6, 2024

Files that Coerce: Search Connectors and Beyond

Abusing Windows file formats like search connectors and library files to coerce forced authentication and relay it across Active Directory.

CoercionForced AuthenticationNTLMWebDAVSearch ConnectorActive DirectoryPentesting
Feb 17, 2024

DNS Hijacking: Say My Name

Techniques for taking over and manipulating Windows DNS records without credentials to coerce and relay NTLM and Kerberos authentication.

DNS TakeoverNTLMKerberosRelayingActive DirectoryPentesting