PHP Static-Eval Exploitation | HackTheBox Baby Breaking Grad
We covered basic white box penetration test by inspecting, analyzing and exploiting a web application source code that contains…
CVE
Microsoft Exchange CVE-2021-34473 Exploit | TryHackMe LookBack
We covered a scenario where we performed a vulnerability scanning with Nikto on a vulnerable windows machine that led…
Microsoft Outlook NTLM Vulnerability | CVE-2023-23397 Demo
We covered the recent Microsoft Outlook NTLM Vulnerability CVE-2023-23397 that could lead to NTLM hash leak if successful. Also…
The Eternal Blue Exploit | HackTheBox Blue | Beginner Track
In this post, we covered the eternal blue exploit as part of HackTheBox Beginner Track. Machine Name : HackTheBox…
Exploiting Microsoft Windows Active Directory Certificate Service | CVE-2022-26923
Introduction We covered the recent vulnerability CVE-2022-26923 that affected Microsoft Windows Active Directory Certificate Service which allowed for local…
Understanding PrintNightmare Vulnerability | (CVE-2021-1675) and (CVE-2021-34527)
Introduction Per Microsoft, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file…
Exploiting Server Side Request Forgery (SSRF) | HackTheBox Kotarak
In this post, we demonstrated how to exploit SSRF to discover internal hidden services. We performed privilege escalation using…
JSON Deserialization Vulnerability – HackTheBox Time – CVE-2019-12384 Jackson RCE
Premise In this video walkthrough, we covered a vulnerability in Jackson library that uses JSON Deserialization and used ‘Time‘…
How to test if your exchange server is compromised and vulnerable
Premise In this post, I will briefly talk about testing your on-premises Microsoft exchange server is vulnerable to CVE-2021-26855,…