This Streamcloud HTB walkthrough demonstrates a realistic Kubernetes pentest from initial cluster discovery to full privilege escalation. You’ll learn practical techniques for enumerating namespaces, identifying exposed kubelets and serviceAccounts, exploiting weak RBAC and misconfigured resources, and how to remediate these issues from a developer and ops perspective. Ideal for pentesters learning K8s attack paths and for engineers wanting to harden clusters.
Boardlight is a medium-difficulty Linux box on Hack The Box that showcases real-world privilege escalation via a vulnerable SUID binary. The machine walks you through basic enumeration, exploiting a web-based login system, and ultimately leveraging the CVE-2022-37706 vulnerability in Enlightenment’s enlightenment_sys utility to gain root access. It’s an excellent box for anyone learning local privilege escalation techniques and digging into command injection through poorly sanitised SUID binaries.
Explore an in-depth walkthrough of the HTB Cap machine, focusing on network packet analysis and leveraging captured data for exploitation. Follow each step from initial reconnaissance to achieving root access, emphasizing practical network security techniques