enumeration

  • Exploiting crAPI with jwt_tool

    In this post, I’ll show you how to use jwt_tool to analyze and exploit JWT vulnerabilities in crAPI, an intentionally vulnerable API. We’re going to take a practical approach to learning how to use this tool. So, by the end of this, you’ll be able to use this tool in the real world. Let’s dive

  • Practical amass – How I configure and use amass in my recon flow

    If you’re into recon, you’ve probably heard of amass. It’s a powerful tool for mapping attack surfaces during bug bounty hunting or penetration testing. Here’s why I love it: Instead of repeating what’s already in the official tutorial, I’ll take you through how I use Amass in my bug bounty recon workflow. Global Configuration Once

  • Windows Break ‘N Build Pt. 1 – Setting Up a Vulnerable Domain Controller

    Introduction In Part 0, we set up our lab environment by installing VirtualBox, downloading the Windows Server 2025 ISO, and configuring the virtual machine to boot from the ISO. If you haven’t completed those steps, go back to Part 0 for a full walkthrough. Now, in Part 1, we’ll focus on setting up the Windows

  • Why I Keep Crawling Back to Linux

    Recently, I got a new laptop. Getting a new laptop is always exciting. This one came pre-installed with Windows, so I decided to give it a shot, despite my long history with Linux. Spoiler alert: it didn’t work out. Windows feels like a toxic ex: an embarrassing mistake I keep trying to make work. While

  • Windows Build ‘N Break – Part 0: Lab Setup

    So, here’s the deal: I recently got banned from Hack The Box. For five years. Why? Apparently, my last blog post leaked a few spoilers. A little harsh in my opinion… Starting off the new year strong!!! 😀 In reflecting on it, though, I’ve realized something. As fun as Hack The Box is, it has

  • Cicada – A HTB Writeup

    It’s been a while since I’ve done a Hack The Box Machine. In this writeup, I’ll be going through my thought process hacking Cicada. This was a fun little Windows box – there was a lot of pivoting and it was a good review of Windows Pentesting, especially after receiving my GPEN. Enough yapping. Let’s
