plur1bu5/README.md
plur1bu5



Hey, I'm Mohamed (aka plur1bu5). Penetration tester, red teamer, offensive security researcher, and cybersecurity engineering student at INPT. CPTS certified, HackTheBox Grandmaster. My main focus is Active Directory penetration testing, red teaming, and web application security, and I'm currently expanding into cloud, Kubernetes, and CI/CD pipeline security.

I recently got a fix merged into Impacket: raiseChild's golden ticket forging was broken on patched Windows Server 2022 because it stripped PAC buffers that modern DCs now validate, and silently ignored AES keys. That research led to TrustFull, a tool I built for AD trust enumeration and exploitation with multiple child-to-parent escalation techniques.

I've written working PoCs for CVE-2025-2945 (RCE in pgAdmin 4 via eval() injection), CVE-2024-51482 (blind SQLi in ZoneMinder), and CVE-2019-15949 (RCE in Nagios XI) when no public exploits that worked for me existed at the time.

Day to day I work with Impacket, BloodHound, Certipy, CrackMapExec/nxc, Burp Suite, and various C2 frameworks (Sliver, Havoc, Mythic). I also do DFIR and SOC work when needed; I've done Boss of the SOC competitions and Splunk hunting, and I like understanding both sides.

On the CTF side, I'm a core member of Never7, one of Morocco's top teams: 1st at Cyber Warfare Warezone, 1st at AUSIM Cyber Drill, 2nd at Cyber Odyssey Finals, 3rd at NullHat Morocco, among others. I also compete internationally with 0xfun (ranked 2nd globally), where we placed 1st at KnightCTF 2026 and Pragyan CTF 2026. Previously part of QnQSec, where I helped organize our first international CTF (3000+ players): challenge design, infra, sponsorship, the whole thing.

I write about all of this at plur1bu5.dev. 40+ writeups covering AD enterprise forest labs, HackTheBox machines, CTF challenges, and security research including adversarial ML and entropy analysis. The Impacket debugging writeup is probably the best starting point.

Open to internships, pentesting & red team roles, and collaborations. Reach me at contact@plur1bu5.dev

Pinned

  1. CVE-2024-51482-PoC Public

    Authenticated time-based blind SQL injection PoC for ZoneMinder CVE-2024-51482 (v1.37.* <= 1.37.64)

    Python 10

  2. TrustFull Public

    Active Directory trust enumeration and exploitation tool. Detects cross-domain attacks (Kerberoasting, delegation, foreign ACLs, ..) and implements ExtraSids for parent-child escalation.

    Python 6

  3. RocketMine Public

    RocketChat pillaging tool, dumps users, channels, groups, DMs and files via API. Originally built for a pentest, now open source.

    Python 1

  4. kali-build Public

    Ansible playbook to automate a Kali Linux pentest environment setup.

    Jinja

  5. targetedKerberoast Public

    Forked from ShutdownRepo/targetedKerberoast

    Kerberoast with ACL abuse capabilities

    Python

  6. fortra/impacket Public

    Impacket is a collection of Python classes for working with network protocols.

    Python 15.7k 3.9k