Skip to content

Commit 99436dd

Browse files
committed
Fix broken URLs and table rendering across the repo
- Replace 3 broken Sherlock writeup links (403 Medium/StumbleSec paywall) - Crown Jewel-1: CyberWired (working) - MisCloud: CyberEthical (working) - OpTinselTrace: GitHub dbissell6/DFIR (working) - Fix 35 markdown tables missing required blank line before header - Affects: cert-prep, machines/easy, machines/hard, fortresses, methodology - Tables now render correctly on GitHub Pages
1 parent 9d03975 commit 99436dd

9 files changed

Lines changed: 51 additions & 3 deletions

File tree

README.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -184,12 +184,12 @@ DFIR (Digital Forensics & Incident Response) investigation labs. Blue team scena
184184
| Noted | Easy | Notepad++ Artifacts, Data Extortion | [0xdf](https://0xdf.gitlab.io/2024/06/13/htb-sherlock-noted.html) |
185185
| Knock Knock | Easy | PCAP, FTP, Port Knocking, GonnaCry Ransomware | [0xdf](https://0xdf.gitlab.io/2023/12/04/htb-sherlock-knock-knock.html) |
186186
| Bumblebee | Easy | phpBB SQLite, Access Log Analysis | [0xdf](https://0xdf.gitlab.io/2024/05/22/htb-sherlock-bumblebee.html) |
187-
| Crown Jewel-1 | Medium | NTDS.dit Dump, Volume Shadow Copy Service | [Medium](https://stumblesec.com/hackthebox-crownjewel-1-sherlock-walkthrough-2efb81522f2c) |
187+
| Crown Jewel-1 | Medium | NTDS.dit Dump, Volume Shadow Copy Service | [CyberWired](https://www.cyberwiredtraining.net/writeups/htb-sherlock-crownjewel-1-jezdr) |
188188
| Noxious | Medium | LLMNR Poisoning, Rogue Device Detection | [0xdf](https://0xdf.gitlab.io/2024/09/04/htb-sherlock-noxious.html) |
189189
| Subatomic | Medium | Electron Malware, Discord Hijacking | [0xdf](https://0xdf.gitlab.io/2024/04/18/htb-sherlock-subatomic.html) |
190190
| Nubilum-1 | Medium | AWS CloudTrail, PoshC2, Cloud Forensics | [0xdf](https://0xdf.gitlab.io/2024/05/30/htb-sherlock-nubilum-1.html) |
191-
| MisCloud | Medium | GCP Breach, Gitea Vulnerability | [Medium](https://prajshete17.medium.com/writeup-htb-sherlocks-miscloud-medium-93831e2fbf42) |
192-
| OpTinselTrace (1-5) | Hard | Full APT Campaign Investigation (Christmas 2023) | [Medium](https://medium.com/@ari.null/optinseltrace-3-hack-the-box-sherlock-writeup-dae64f3512fe) |
191+
| MisCloud | Medium | GCP Breach, Gitea Vulnerability | [CyberEthical](https://blog.cyberethical.me/htb-sherlock-miscloud) |
192+
| OpTinselTrace (1-5) | Hard | Full APT Campaign Investigation (Christmas 2023) | [GitHub](https://github.com/dbissell6/DFIR/blob/main/WalkThroughs/OpTinselTrace-1-5.md) |
193193
| APTNightmare | Hard | Advanced Persistent Threat Investigation | [GitHub](https://github.com/jon-brandy/hackthebox/blob/main/Categories/Sherlocks/APTNightmare/README.md) |
194194

195195
See the [full Sherlocks index](sherlocks/README.md) for 70+ Sherlocks with writeup links.

fortresses/README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -106,6 +106,7 @@ The fourth company-created fortress on HTB. Created by Synacktiv, a well-known F
106106
Created by Amazon Web Services to showcase cloud security concepts. Features realistic techniques ranging from web exploitation to cloud privilege escalations for services used by thousands of businesses. Available to Hacker rank and above.
107107

108108
### Key Techniques
109+
109110
| Category | Specific Techniques |
110111
|----------|-------------------|
111112
| Web | OWASP Top 10 exploitation |

machines/easy/README.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -199,6 +199,7 @@ permalink: /machines/easy/
199199
## Machines by Technique
200200

201201
### Web Exploitation
202+
202203
| Technique | Machines |
203204
|-----------|----------|
204205
| SQL Injection | Cronos, Trick, Validation, MetaTwo, PC, Usage, Pandora, Pilgrimage |
@@ -212,6 +213,7 @@ permalink: /machines/easy/
212213
| Deserialization | Precious, NodeBlog |
213214

214215
### Active Directory
216+
215217
| Technique | Machines |
216218
|-----------|----------|
217219
| Kerberoasting | Active |
@@ -223,6 +225,7 @@ permalink: /machines/easy/
223225
| BloodHound Enum | Forest, Sauna |
224226

225227
### Classic Network Exploits
228+
226229
| Technique | Machines |
227230
|-----------|----------|
228231
| EternalBlue (MS17-010) | Blue, Legacy |
@@ -233,6 +236,7 @@ permalink: /machines/easy/
233236
| Default Credentials | Jerry, Mirai, WifineticTwo |
234237

235238
### Privilege Escalation Techniques
239+
236240
| Technique | Machines |
237241
|-----------|----------|
238242
| Sudo Misconfig | Shocker, Knife, Bashed, OpenAdmin, Armageddon |
@@ -288,6 +292,7 @@ permalink: /machines/easy/
288292
## External Resources
289293

290294
### Top Writeup Authors
295+
291296
| Author | URL | Notes |
292297
|--------|-----|-------|
293298
| 0xdf | [0xdf.gitlab.io](https://0xdf.gitlab.io/) | Gold standard HTB writeups, covers nearly every machine |
@@ -297,6 +302,7 @@ permalink: /machines/easy/
297302
| Hackplayers | [github.com/Hackplayers](https://github.com/Hackplayers/hackthebox-writeups) | Community repo (2000+ stars) |
298303

299304
### Machine Lists & Trackers
305+
300306
| Resource | URL |
301307
|----------|-----|
302308
| TJNull OSCP-Like List | [NetSecFocus Trophy Room](https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/) |

machines/hard/README.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,7 @@ Chainsaw, Ellingson, Falafel, Stacked, Oouch, Travel, Patents, Intense, Quick, U
9797
## Machines by Technique Category
9898

9999
### Active Directory
100+
100101
| Machine | Specific AD Technique |
101102
|---------|-----------------------|
102103
| Sizzle | ADCS, SCF File, Kerberoasting, CLM Bypass |
@@ -121,6 +122,7 @@ Chainsaw, Ellingson, Falafel, Stacked, Oouch, Travel, Patents, Intense, Quick, U
121122
| EscapeTwo | NTLM Relay, ADCS ESC4 |
122123

123124
### ADCS (Active Directory Certificate Services)
125+
124126
| Machine | ESC Variant |
125127
|---------|-------------|
126128
| Sizzle | Certificate-Based Auth |
@@ -133,6 +135,7 @@ Chainsaw, Ellingson, Falafel, Stacked, Oouch, Travel, Patents, Intense, Quick, U
133135
| EscapeTwo | ESC4 |
134136

135137
### Web Exploitation (Advanced)
138+
136139
| Machine | Specific Technique |
137140
|---------|--------------------|
138141
| Falafel | Type Juggling + Boolean Blind SQLi |
@@ -146,6 +149,7 @@ Chainsaw, Ellingson, Falafel, Stacked, Oouch, Travel, Patents, Intense, Quick, U
146149
| MonitorsThree | Cacti SQLi + Duplicati |
147150

148151
### Binary Exploitation
152+
149153
| Machine | Specific Technique |
150154
|---------|--------------------|
151155
| Tally | SQL Server + Rotten Potato |
@@ -156,6 +160,7 @@ Chainsaw, Ellingson, Falafel, Stacked, Oouch, Travel, Patents, Intense, Quick, U
156160
| NanoCorp | Custom Protocol Binary Analysis |
157161

158162
### Deserialization (Advanced)
163+
159164
| Machine | Specific Technique |
160165
|---------|--------------------|
161166
| Scramble | .NET BinaryFormatter |
@@ -165,11 +170,13 @@ Chainsaw, Ellingson, Falafel, Stacked, Oouch, Travel, Patents, Intense, Quick, U
165170
| Napper | .NET Implant Reversing |
166171

167172
### Blockchain / Smart Contract
173+
168174
| Machine | Specific Technique |
169175
|---------|--------------------|
170176
| Chainsaw | Solidity Smart Contract Exploit via Ganache |
171177

172178
### Container / Cloud
179+
173180
| Machine | Specific Technique |
174181
|---------|--------------------|
175182
| Stacked | AWS LocalStack Lambda Abuse |
@@ -179,6 +186,7 @@ Chainsaw, Ellingson, Falafel, Stacked, Oouch, Travel, Patents, Intense, Quick, U
179186
| Cerberus | Linux-to-Windows Pivot via SSSD |
180187

181188
### SSRF Chains
189+
182190
| Machine | Specific Technique |
183191
|---------|--------------------|
184192
| Travel | SSRF + Memcached Poisoning |
@@ -216,20 +224,23 @@ For each machine, recommended external writeup sources:
216224
## Certification Relevance
217225

218226
### OSCP (Hard machines that build OSCP skills)
227+
219228
| Machine | Why |
220229
|---------|-----|
221230
| Tally | Multi-service enumeration, SQL Server, Potato attack |
222231
| Blackfield | AS-REP, BloodHound, Backup Operators |
223232
| Falafel | SQLi + creative file write |
224233

225234
### OSEP (Evasion and advanced exploitation)
235+
226236
| Machine | Why |
227237
|---------|-----|
228238
| Reel | Phishing + AppLocker bypass |
229239
| Sizzle | CLM bypass + ADCS + Kerberoasting |
230240
| Object | Jenkins + AD ACL chain |
231241

232242
### CPTS / CRTO (Active Directory focus)
243+
233244
| Machine | Why |
234245
|---------|-----|
235246
| Vintage | Pure AD, Kerberoasting, RBCD, DCSync |
@@ -239,6 +250,7 @@ For each machine, recommended external writeup sources:
239250
| Absolute | Shadow Credentials + Kerberos Relay |
240251

241252
### CRTE (Red Team / Evasion)
253+
242254
| Machine | Why |
243255
|---------|-----|
244256
| Sizzle | Full AD chain with evasion |

machines/medium/README.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -153,6 +153,7 @@ Sunday (Solaris), OpenKeys (OpenBSD), Poison (FreeBSD), Spectra (ChromeOS)
153153
## Machines by Technique Category
154154

155155
### Web Exploitation
156+
156157
| Machine | Specific Technique |
157158
|---------|--------------------|
158159
| Cronos | SQL Injection, Command Injection |
@@ -171,6 +172,7 @@ Sunday (Solaris), OpenKeys (OpenBSD), Poison (FreeBSD), Spectra (ChromeOS)
171172
| Devvortex | Joomla API Info Disclosure |
172173

173174
### Active Directory / Windows Domain
175+
174176
| Machine | Specific Technique |
175177
|---------|--------------------|
176178
| Monteverde | Azure AD Connect |
@@ -179,6 +181,7 @@ Sunday (Solaris), OpenKeys (OpenBSD), Poison (FreeBSD), Spectra (ChromeOS)
179181
| Cicada | SMB Enumeration, SeBackupPrivilege |
180182

181183
### Deserialization
184+
182185
| Machine | Specific Technique |
183186
|---------|--------------------|
184187
| Json | .NET JSON Deserialization |
@@ -189,6 +192,7 @@ Sunday (Solaris), OpenKeys (OpenBSD), Poison (FreeBSD), Spectra (ChromeOS)
189192
| Tenet | PHP Object Deserialization |
190193

191194
### Template Injection (SSTI)
195+
192196
| Machine | Specific Technique |
193197
|---------|--------------------|
194198
| Sandworm | SSTI in PGP Verification (Jinja2) |
@@ -199,6 +203,7 @@ Sunday (Solaris), OpenKeys (OpenBSD), Poison (FreeBSD), Spectra (ChromeOS)
199203
| Nunchucks | Nunjucks SSTI |
200204

201205
### LFI / File Read
206+
202207
| Machine | Specific Technique |
203208
|---------|--------------------|
204209
| Nineveh | LFI + Chkrootkit |
@@ -209,6 +214,7 @@ Sunday (Solaris), OpenKeys (OpenBSD), Poison (FreeBSD), Spectra (ChromeOS)
209214
| Pilgrimage | ImageMagick Arbitrary File Read |
210215

211216
### Binary Exploitation / Custom Protocols
217+
212218
| Machine | Specific Technique |
213219
|---------|--------------------|
214220
| Ellingson | Custom SUID ROP Exploit |
@@ -217,6 +223,7 @@ Sunday (Solaris), OpenKeys (OpenBSD), Poison (FreeBSD), Spectra (ChromeOS)
217223
| Node | Kernel Exploit CVE-2017-16995 |
218224

219225
### Container / Virtualization Escape
226+
220227
| Machine | Specific Technique |
221228
|---------|--------------------|
222229
| Tabby | LXD Group Container Mount |

prolabs/README.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ permalink: /prolabs/
2121
- **Subnet 2 (172.16.2.0/24):** Internal network requiring pivoting through bastion host
2222

2323
### Known Machines
24+
2425
| Machine | Role | Key Techniques |
2526
|---------|------|----------------|
2627
| DANTE-WEB-NIX01 | Web server (entry point) | Web exploitation, initial foothold |
@@ -65,6 +66,7 @@ permalink: /prolabs/
6566
- **4 Active Directory Domains:** Multi-domain forest with trust relationships
6667

6768
### Techniques Covered
69+
6870
| Category | Specific Techniques |
6971
|----------|-------------------|
7072
| Web Exploitation | PHP RFI, CMS exploitation, web shells |
@@ -101,6 +103,7 @@ permalink: /prolabs/
101103
Created by Rastamouse (creator of CRTO certification). Simulates a realistic corporate environment where all systems are reasonably patched, forcing reliance on misconfigurations and AD weaknesses rather than CVEs.
102104

103105
### Techniques Covered
106+
104107
| Category | Specific Techniques |
105108
|----------|-------------------|
106109
| Initial Access | Phishing campaigns, OSINT on company info |
@@ -142,6 +145,7 @@ Created by Rastamouse (creator of CRTO certification). Simulates a realistic cor
142145
- Each domain has corresponding servers and workstations
143146

144147
### Techniques Covered
148+
145149
| Category | Specific Techniques |
146150
|----------|-------------------|
147151
| AD Enumeration | BloodHound, domain trust mapping |
@@ -177,6 +181,7 @@ Created by Rastamouse (creator of CRTO certification). Simulates a realistic cor
177181
Immersive enterprise AD environment with advanced infrastructure and strong security posture. Systems are fully patched with hardened OS configurations. AV catches default payloads.
178182

179183
### Techniques Covered
184+
180185
| Category | Specific Techniques |
181186
|----------|-------------------|
182187
| AV Evasion | Custom C# payloads, encrypted payloads, obfuscation |
@@ -209,6 +214,7 @@ Immersive enterprise AD environment with advanced infrastructure and strong secu
209214
The most challenging ProLab. Simulates a targeted attack by an external threat agent against a Managed Service Provider (MSP). No CVEs are needed - all attacks exploit misconfigurations and trust relationships. Requires C2 framework usage (Cobalt Strike recommended).
210215

211216
### Techniques Covered
217+
212218
| Category | Specific Techniques |
213219
|----------|-------------------|
214220
| APT Simulation | Long-lasting TTPs, patient attack chains |

resources/cert-prep/README.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,10 @@ Map your HTB journey to professional security certifications.
1818
The gold standard for penetration testing. Focus on manual exploitation, no automated tools.
1919

2020
**Recommended Easy Machines:**
21+
2122
| Machine | OS | Key Skills |
2223
|---------|-----|-----------|
24+
2325
| Lame | Linux | Samba RCE (CVE-2007-2447) |
2426
| Legacy | Windows | MS08-067, MS17-010 |
2527
| Blue | Windows | EternalBlue (MS17-010) |
@@ -41,8 +43,10 @@ The gold standard for penetration testing. Focus on manual exploitation, no auto
4143
| Knife | Linux | PHP 8.1 backdoor, GTFOBins |
4244

4345
**Recommended Medium Machines:**
46+
4447
| Machine | OS | Key Skills |
4548
|---------|-----|-----------|
49+
4650
| Cronos | Linux | DNS zone transfer, SQLi, cron |
4751
| SolidState | Linux | Apache James RCE, cron privesc |
4852
| Poison | Linux | LFI, VNC tunneling |
@@ -60,8 +64,10 @@ The gold standard for penetration testing. Focus on manual exploitation, no auto
6064
HTB's own penetration testing certification. Aligned with HTB Academy modules.
6165

6266
**Recommended Machines:**
67+
6368
| Machine | OS | Key Skills |
6469
|---------|-----|-----------|
70+
6571
| Active | Windows | GPP abuse, Kerberoasting |
6672
| Forest | Windows | AS-REP Roasting, DCSync |
6773
| Cascade | Windows | LDAP enumeration, .NET reversing |
@@ -83,8 +89,10 @@ HTB's own penetration testing certification. Aligned with HTB Academy modules.
8389
Red team operations with Cobalt Strike methodology.
8490

8591
**Recommended Machines:**
92+
8693
| Machine | OS | Key Skills |
8794
|---------|-----|-----------|
95+
8896
| Reel | Windows | Phishing, AppLocker bypass, AD |
8997
| Mantis | Windows | Kerberos MS14-068, AD |
9098
| Sizzle | Windows | ADCS, Kerberos, CLM bypass |
@@ -100,8 +108,10 @@ Red team operations with Cobalt Strike methodology.
100108
Advanced Active Directory attacks and defenses.
101109

102110
**Recommended Machines:**
111+
103112
| Machine | OS | Key Skills |
104113
|---------|-----|-----------|
114+
105115
| Blackfield | Windows | AS-REP, backup operators |
106116
| Multimaster | Windows | Complex AD chain |
107117
| Object | Windows | AD ACL abuse, GenericWrite |
@@ -121,8 +131,10 @@ Focused on web application security.
121131
- Focus on: SQLi, XSS, SSTI, SSRF, Deserialization
122132

123133
**Recommended Machines:**
134+
124135
| Machine | OS | Key Skills |
125136
|---------|-----|-----------|
137+
126138
| Talkative | Linux | Rocket.Chat exploit, Docker escape |
127139
| Forgot | Linux | Redis cache poisoning, password reset |
128140
| Bagel | Linux | .NET WebSocket, deserialization |
@@ -135,6 +147,7 @@ Focused on web application security.
135147

136148
| Level | Cert | HTB Focus | Timeline |
137149
|-------|------|-----------|----------|
150+
138151
| Beginner | OSCP | Easy/Medium machines, Dante ProLab | 3-6 months |
139152
| Intermediate | CPTS | Medium/Hard machines, Offshore ProLab | 4-8 months |
140153
| Advanced | CRTO | Hard machines, RastaLabs/Zephyr | 2-4 months |

resources/cheatsheets/web-application.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -202,6 +202,7 @@ shell.jpg.php (if server checks first extension)
202202
```bash
203203
# Separators
204204
; id
205+
205206
| id
206207
|| id
207208
& id

resources/methodology/note-taking.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ Structured template for documenting your HTB machine progress.
2424
[Paste full nmap output]
2525

2626
### Open Ports Summary
27+
2728
| Port | Service | Version |
2829
|------|---------|---------|
2930
| 22 | SSH | OpenSSH 8.9p1 |
@@ -48,6 +49,7 @@ Structured template for documenting your HTB machine progress.
4849
- /api - API endpoint
4950

5051
### Credentials Found
52+
5153
| Username | Password | Where Found |
5254
|----------|----------|-------------|
5355
| admin | password | config file |

0 commit comments

Comments
 (0)