Pwned by a Profile Picture: How a Web Upload Toppled an Entire Domain

A full technical walk-through of a chained attack that moved from a client-side validation bypass on a public ITSM portal to complete Active Directory compromise—with no zero-days required.