Sam Hilliard

opinion

  • Practical amass – How I configure and use amass in my recon flow

    Practical amass – How I configure and use amass in my recon flow

    , ,

    If you’re into recon, you’ve probably heard of amass. It’s a powerful tool for mapping attack surfaces during bug bounty hunting or penetration testing. Here’s why I love it: Instead of repeating what’s already in the official tutorial, I’ll take you through how I use Amass in my bug bounty recon workflow. Global Configuration Once

    Read more →

  • Windows Break ‘N Build Pt. 1 – Setting Up a Vulnerable Domain Controller

    Windows Break ‘N Build Pt. 1 – Setting Up a Vulnerable Domain Controller

    Introduction In Part 0, we set up our lab environment by installing VirtualBox, downloading the Windows Server 2025 ISO, and configuring the virtual machine to boot from the ISO. If you haven’t completed those steps, go back to Part 0 for a full walkthrough. Now, in Part 1, we’ll focus on setting up the Windows

    Read more →

  • Why I Keep Crawling Back to Linux

    Why I Keep Crawling Back to Linux

    Recently, I got a new laptop. Getting a new laptop is always exciting. This one came pre-installed with Windows, so I decided to give it a shot, despite my long history with Linux. Spoiler alert: it didn’t work out. Windows feels like a toxic ex: an embarrassing mistake I keep trying to make work. While

    Read more →

  • Windows Build ‘N Break – Part 0: Lab Setup

    Windows Build ‘N Break – Part 0: Lab Setup

    So, here’s the deal: I recently got banned from Hack The Box. For five years. Why? Apparently, my last blog post leaked a few spoilers. A little harsh in my opinion… Starting off the new year strong!!! 😀 In reflecting on it, though, I’ve realized something. As fun as Hack The Box is, it has

    Read more →

  • Cicada – A HTB Writeup

    Cicada – A HTB Writeup

    It’s been a while since I’ve done a Hack The Box Machine. In this writeup, I’ll be going through my thought process hacking Cicada. This was a fun little Windows box – there was a lot of pivoting and it was a good review of Windows Pentesting, especially after receiving my GPEN. Enough yapping. Let’s

    Read more →

  • Windows Situational Awareness – Where the shell am I?

    Windows Situational Awareness – Where the shell am I?

    When you first get access to a host, oftentimes all you’re given is a prompt for a shell. And this is great if all you’re looking for is proof that you can compromise a single host. But, more often than not, an attacker isn’t going to stop there. They’re going to take over other user

    Read more →