I understand

https://www.chudamax.com//I understandPersonal blog, information security research 2025-07-24T12:25:32+02:00 Maksim Chudakov https://www.chudamax.com// Jekyll © 2025 Maksim Chudakov /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png User Impersonation: Living Off the Land with the SCCM Client2025-07-24T10:23:03+02:00 2025-07-24T12:24:14+02:00 https://www.chudamax.com//posts/sccmexec-user-impersonation/ Maksim Chudakov

TL;DR Most classic impersonation techniques are well-known and flagged by EDR. The SCCM SMS Agent Host (ccmexec.exe) impersonates users by design, launching trusted binaries in their sessions. By modifying specific SCCM binaries, this enables code execution under user context without custom APIs or alerts. Discovery While testing common impersonation methods, most were immediately flagged by...

HackTheBox - BroScience | Walkthrough2023-04-08T19:00:03+02:00 2023-04-08T19:32:41+02:00 https://www.chudamax.com//posts/htb-broscience/ Maksim Chudakov

BroScience Overview BroScience is a medium-difficulty challenge focusing on web-related vulnerabilities, source code review, and custom code writing for exploitation. This box serves as excellent preparation for the AWAE course, covering many of the same concepts and techniques. The exploitation involves registering a new user, activating the account, logging in, and exploiting a deseriali...

HackTheBox - Sekhmet | Writeup2023-04-01T14:23:03+02:00 2023-04-02T05:15:25+02:00 https://www.chudamax.com//posts/htb-sekhmet/ Maksim Chudakov

Sekhmet Overview Sekhmet is an insane difficulty box: a lot of enumeration, exploitation of NodeJS deserialization, ModSecurity and Windows AppLocker bypass, weak ZIP encryption types, pivoting, dealing with authentication type restrictions, NTLMv2 hashes brute force, and other interesting things. Enumeration Let’s add sekhmet’s IP to the /etc/hosts file. Starting from a standard Nmap sc...

Kerberos 102 - Delegation2023-03-23T10:23:03+01:00 2023-05-08T10:57:32+02:00 https://www.chudamax.com//posts/kerberos-102-delegation/ Maksim Chudakov

[Part 1] - Kerberos 102 - Overview [Part 2] - Kerberos 102 - Delegation [Part 3] - Kerberos 102 - Cross-Realm Operations Overview Kerberos delegation is a feature in the Kerberos authentication protocol that allows services to act on behalf of users. For example, a web server might use Kerberos delegation to authenticate a user and then use that authentication ticket to access a back-end da...

Kerberos 102 - Cross-Realm Operations2023-03-23T09:23:03+01:00 2023-05-08T11:01:11+02:00 https://www.chudamax.com//posts/kerberos-102-cross-realm-operations/ Maksim Chudakov

[Part 1] - Kerberos 102 - Overview [Part 2] - Kerberos 102 - Delegation [Part 3] - Kerberos 102 - Cross-Realm Operations Overview Kerberos cross-realm authentication, is a mechanism that enables users to authenticate and access resources across multiple Kerberos realms (domains). To enable cross-domain authentication, the Kerberos administrators in each realm establish a trust relationship ...