Jake's HTB Writeups

Scrambled is a medium difficulty Windows box. The box involves enumerating a website for credentials, using those credentials to move laterally a couple of times for additional access, then taking advantage of weak serialization to catch a shell as SYSTEM.

Escape is a medium difficulty Windows box. The box involves pillaging SMB shares for low-privilege MS SQL credentials, capturing an NTLM hash from the service account, using that service account's access to move laterally, then abusing a weak certificate template that allows us to escalate privilege to Administrator.

Authority is a medium difficulty Windows box. The box involves pillaging SMB shares for credentials to a web application that uses LDAP for password changes, capturing credentials from the Active Directory (AD) account that is used to make those changes, then escalating privileges through AD Certificate Services (CS) and a Resource-based Constrained Delegation (RBCD) attack.

Sauna is an easy difficulty Windows box. The box involves enumerating a webpage to get possible user accounts, checking for weak accounts that are ASREPRoast-able, then further enumerating the box to get access to an account that has privileges to perform a DCSync attack.

Timelapse is an easy difficulty Windows box. The box is focused primarily on enumeration, with little tool usage or “exploitation”. You enumerate an unrestricted SMB share, move laterally by finding plaintext credentials, enumerate the Administrator password with those credentials, and finally escalate privileges to Domain Admin by dumping the SAM.

Support is an easy difficulty Windows box. The box is focused on Active Directory (AD) Discretionary Access Control List (DACL) abuse leading into a Resource-Based Constrained Delegation (RBCD) attack. Initial access is obtained by decompiling company-specific software and enumerating LDAP.

EscapeTwo is an easy difficulty Windows box. The box is focused on Active Directory (AD) Discretionary Access Control List (DACL) abuse, shadow credential attacks, and attacking a weak template for privilege escalation.

Administrator is a medium difficulty Windows box focused on Active Directory (AD) Discretionary Access Control List (DACL) abuse, Kerberoasting, and privilege escalation through DCSync.

Certified is a medium difficulty Windows box that focuses on abusing Active Directory Discretionary Access Control Lists (AD DACL) and misconfigured certificate enrollment templates.

SteamCloud is an easy-rated Linux box that is running a Kubernetes cluster. While relatively simple, I have no experience with Kubernetes so this was all new for me. This box includes exposed API ports, Kubernetes pod RCE, and creation of an attack pod for privilege escalation.
