WordPress XXE Vulnerability | CVE-2021-29447 TryHackMe
We covered a wordpress XXE vulnerability CVE-2021-29447 that allows for sensitive files disclosure and server-side request forgery…
CVEs and Public Exploits
Active Directory Basics | TryHackMe COMPTIA Pentest+
Introduction This article serves as the final installment in the TryHackMe CompTIA Pentest+ series. It aims to…
The Eternal Blue Exploit | HackTheBox Blue | Beginner Track
In this post, we covered the eternal blue exploit as part of HackTheBox Beginner Track. Machine Name…
Exploiting Microsoft Windows Active Directory Certificate Service | CVE-2022-26923
Introduction We covered the recent vulnerability CVE-2022-26923 that affected Microsoft Windows Active Directory Certificate Service which allowed…
Understanding PrintNightmare Vulnerability | (CVE-2021-1675) and (CVE-2021-34527)
Introduction Per Microsoft, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs…
Numeric SQL Injection Vulnerability | OWASP Webgoat Lab
In this post, We demonstrated numeric SQL Injection Vulnerability using OWASP WebGoat Lab. Numeric SQL injection is…
Investigating Conti Ransomware on Microsoft Exchange with Splunk | TryHackMe
In this post, we investigated the Conti ransomware that hit Microsoft Exchange via a series of vulnerabilities….
Exploiting Server Side Request Forgery (SSRF) | HackTheBox Kotarak
In this post, we demonstrated how to exploit SSRF to discover internal hidden services. We performed privilege…
The ShellShock Vulnerability Explained | HackTheBox Shocker
Shellshock vulnerability allows for remote code execution using shell callouts to bash below 4.3. payload can be…
The Log4j Vulnerability Explained
This video is a detailed tutorial on the Log4J vulnerability (CVE-2021-44228), explaining its critical impact, how it…
Microsoft Exchange Server Hafnium Hack Explained
Overview of the Hafnium Microsoft Hack This article discusses a Microsoft Exchange Server vulnerability that has affected…