We selected 11 machines in the #PEN200 #pwk labs and provided guidance on how to compromise them: offs.ec/3OJFXDi

#oscp #offensivesecurity

Useful for local privesc on Windows systems; find unquoted service path using the following:

wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """

#OSCP #Windows