Hard

Pirate — Hard Windows (Active Directory, ADFS, Hyper-V Pivot) Pirate is a Hard-rated Windows Domain Controller that simulates a real-world internal penetration test engagement — you start with low-privileged domain credentials and must chain together gMSA password abuse, ADFS DKM key extraction, Hyper-V guest pivoting, NTLM relay with RBCD, and constrained delegation SPN hijacking to achieve Domain Admin. The sheer number of convincing-but-wrong paths makes this box genuinely difficult: expect to enumerate deeply, get excited about several rabbit holes, and ultimately succeed through a surprisingly simple network observation that seven sessions of complex tunneling failed to surface. ...