noise
Talks, labs, videos and other things. Noise I made in public.
## conference talks
-
Shedding Light
How OpenGraph enables TaskHound to expose Hidden Attack Paths in Active Directory
[SO-CON 2026 | SpecterOps]
[watch on youtube]
## public appearances
-
Know Your Adversary | ProSec GmbH with Special Guest Robin Unglaub (Ep. 11)
Talking about how TaskHound was born and the problems it solves
[Know Your Adversary Podcast | SpecterOps]
## boxes & labs
Boxes I built for VulnLab (RIP VL :sad:), migrated to HackTheBox after the platforms merged. All of them based on real engagements.
-
Retro
User-as-Pass, Pre2K, ESC1
[HTB Machine | Easy | Windows] -
Trusted
Web Stuff, DLL Hijack, Trust Abuse
(Also features the stupidest unintended solution on the planet. Haunts me to this day.)
[HTB Mini ProLab | Advanced] (HTB login required) -
Tengu
Node-RED, MSSQL, Fun with Kerberos in hardened environments
[HTB Mini ProLab | Advanced] (HTB login required)
## achievements and certs
Proof that I can stay awake for 48 hours and still spell my own name on the report. Mostly.
-
NVIDIA Product Security Acknowledgement
For a vuln in GeForce NOW
[NVIDIA | 2026] -
Adversary Tactics: Red Team Operations
[SpecterOps] -
CRTO
Certified Red Team Operator
[ZeroPoint Security] -
OSCP+ /
OSCP
Offensive Security Certified Professional
[OffSec] -
OSEP
Offensive Security Experienced Pentester
[OffSec]
## video walkthroughs
-
VulnLab Retro: Walkthrough
[YouTube | xct's channel] -
VulnLab Kaiju: Walkthrough Part 2
[YouTube | xct's channel]