Exploiting Ansible Galaxy Vulnerabilities | HackTheBox Intuition Writeup
Introduction HackTheBox Intuition begins with a series of websites focused on document compression. There’s an authentication site,…
HackTheBox
HackTheBox SolarLab Writeup
For this Hack the Box (HTB) machine, I utilized techniques such as enumeration, user pivoting, and privilege…
HackTheBox Mailing Writeup
The article explains a HackTheBox challenge involving a compromised email service. It guides readers through investigating the…
TeamCity & Portrainer Web Exploitation | HackTheBox Runner CTF Walkthrough
In this post, we demonstrated and covered the solution to HackTheBox Runner machine which involves basic enumeration,…
Laravel PHP Vulnerabilities | CVE-2018-15133 | HackTheBox Academy CTF Walkthrough
In this post, we demonstrated Laravel PHP CVE-2018-15133 and conducted privilege escalation by finding stored credentials. This…
Detecting Active Directory Kerberos Attacks | HackTheBox Sherlocks Campfire-1 & 2
In this post, we covered the solution walkthroughs for two HackTheBox Sherlock challenges, which are, HackTheBox Campfire-1…
Exploit Minecraft Server | HackTheBox Crafty Walkthrough
In this post, we covered the solution of HackTheBox Crafty machine where we showcased the exploitation of…
Craft CMS Exploitation | HackTheBox Surveillance Walkthrough
We covered the walkthrough of HackTheBox Surveillance where we demonstrated the exploitation of the recent vulnerability CVE-2023-41892…
Forensics CTF Challenges | HackTheBox Red Miners
Description In the race for Vitalium on Mars, the villainous Board of Arodor resorted to desperate measures,…
OSINT Case Studies P2 | Blockchain & Manhunt | HackTheBox Block Hunt3r & Missing in action
We covered the second part of open source intelligence case studies as part of HackTheBox OSINT track….
Open Source Intelligence Case Studies | HackTheBox Easy Phish, Infiltration & ID Exposed.
We covered multiple OSINT case studies and challenges from HackTheBox, namely Easy Phish, Infiltration & ID Exposed,…
Node js Command Injection Explained | HackTheBox JSCalc
We covered command injection and execution in Node JS. The scenario included an input box that passes…
Domain Redirection Bypass Explained | HackTheBox RenderQuest & ProxyAsAService
We covered practical examples of bypassing domain redirection restrictions. In the first example we used a Webhook…
Exploiting Python Pickle with SQL Injection | HackTheBox C.O.P
We covered the python pickle library and explained why it’s not secure any more. Additionally we demonstrated…
Microsoft Office Word Document Malware Analysis | HackTheBox Diagnostic
We covered analyzing a sample Microsoft office word document using oletools to extract relevant Macros and links….
Server Side Template Injection (SSTI) Explained | HackTheBox Neonify
We covered Server Side Template Injection vulnerability and demonstrated a practical scenario using HackTheBox Neonify web challenge….
Command Injection Explained | OWASP TOP 10 | HackTheBox LoveTok
We briefly explained command injection as one of the top 10 web application vulnerabilities. Command injection allows…
Cleaning a Linux Infected Machine | HackTheBox PersistenceIsFutile
We covered an incident response scenario from HackTheBox named PersistenceIsFutile where we went over an infected Linux…
Local File Inclusion & Log Poisoning Explained | HackTheBox Toxic
We covered local file inclusion that is a web application vulenrability. We also covered the concept of…
Memory Forensics with Volatility | Searching For Encrypted Files | HackTheBox TrueSecrets
We covered conducting memory forensics using Volatility framework. The scenario involved a memory dump file that assumingly…