XML External Entity Injection Explained | EP1 | OWASP WebGoat
We demonstrated and explained practically XML External Entity Injection using OWASP WebGoat lab. An XML External Entity…
CTF Writeups
String SQL Injection Vulnerability Explained | EP3 | OWASP WebGoat
We covered the third part that discusses string SQL injection vulnerability using OWASP WebGoat lab. String SQL…
OSINT Case Studies P2 | Blockchain & Manhunt | HackTheBox Block Hunt3r & Missing in action
We covered the second part of open source intelligence case studies as part of HackTheBox OSINT track….
Open Source Intelligence Case Studies | HackTheBox Easy Phish, Infiltration & ID Exposed.
We covered multiple OSINT case studies and challenges from HackTheBox, namely Easy Phish, Infiltration & ID Exposed,…
Node js Command Injection Explained | HackTheBox JSCalc
We covered command injection and execution in Node JS. The scenario included an input box that passes…
Domain Redirection Bypass Explained | HackTheBox RenderQuest & ProxyAsAService
We covered practical examples of bypassing domain redirection restrictions. In the first example we used a Webhook…
Microsoft Office Word Document Malware Analysis | HackTheBox Diagnostic
We covered analyzing a sample Microsoft office word document using oletools to extract relevant Macros and links….
Server Side Template Injection (SSTI) Explained | HackTheBox Neonify
We covered Server Side Template Injection vulnerability and demonstrated a practical scenario using HackTheBox Neonify web challenge….
Command Injection Explained | OWASP TOP 10 | HackTheBox LoveTok
We briefly explained command injection as one of the top 10 web application vulnerabilities. Command injection allows…
Cleaning a Linux Infected Machine | HackTheBox PersistenceIsFutile
We covered an incident response scenario from HackTheBox named PersistenceIsFutile where we went over an infected Linux…
Local File Inclusion & Log Poisoning Explained | HackTheBox Toxic
We covered local file inclusion that is a web application vulenrability. We also covered the concept of…
Memory Forensics with Volatility | Searching For Encrypted Files | HackTheBox TrueSecrets
We covered conducting memory forensics using Volatility framework. The scenario involved a memory dump file that assumingly…
Android Forensics | Mobile Forensics | HackTheBox Cat
We covered the subject of Mobile forensics and briefly went over the scenario of data extraction from…
HeartBleed Vulnerability and Tmux Exploitation | HackTheBox Valentine
We used HackTheBox Valentine machine to demonstrate HeartBleed Vulnerability and privilege escalation through tmux terminal multiplexer. Valentine…
Analyzing Malicious Microsoft Office Word Document | HackTheBox Emo
We covered analyzing an office document that has an embedded Macro code written in Visual Basic. The…
Investigating a Hacked Webserver with Ecnrypted PHP Webshell | HackTheBox Obscure
We covered an incident response scenario that involved using forensics skills to investigate a webserver hacked by…
Redis NoSQL Database Exploit Using SSH | HackTheBox Postman
We covered the enumeration of Redis NoSQL database server and exploitation using SSH. This was part of…
Hardware Hacking P5 | Analyzing SDR Signals | HackTheBox RFlag
We covered another hardware hacking challenge from hackthebox where we analyzed an signal file captured using software-defined…
Session ID Hijacking With Burp Suite | OverTheWire Natas Level 20
We covered OverTheWire Natas 19-20 level. In this level, the web application used an if statement to…
Decoding SSTV and Audio Signals | Hardware Hacking P4 | HackTheBox Signals
We covered the fourth part of hardware hacking series where we used HackTheBox Signals for demonstration purposes….