Craft CMS CVE-2023-41892 Vulnerability Exploitation | POC
We covered the CVE-2023-41892 proof of concept that affected Craft CMS manually and with Metasploit framework. CVE-2023-41892…
CVE
PHP Static-Eval Exploitation | HackTheBox Baby Breaking Grad
We covered basic white box penetration test by inspecting, analyzing and exploiting a web application source code…
Microsoft Exchange CVE-2021-34473 Exploit | TryHackMe LookBack
We covered a scenario where we performed a vulnerability scanning with Nikto on a vulnerable windows machine…
Microsoft Outlook NTLM Vulnerability | CVE-2023-23397 Demo
We covered the recent Microsoft Outlook NTLM Vulnerability CVE-2023-23397 that could lead to NTLM hash leak if…
The Eternal Blue Exploit | HackTheBox Blue | Beginner Track
In this post, we covered the eternal blue exploit as part of HackTheBox Beginner Track. Machine Name…
Exploiting Microsoft Windows Active Directory Certificate Service | CVE-2022-26923
Introduction We covered the recent vulnerability CVE-2022-26923 that affected Microsoft Windows Active Directory Certificate Service which allowed…
Understanding PrintNightmare Vulnerability | (CVE-2021-1675) and (CVE-2021-34527)
Introduction Per Microsoft, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs…
Exploiting Server Side Request Forgery (SSRF) | HackTheBox Kotarak
In this post, we demonstrated how to exploit SSRF to discover internal hidden services. We performed privilege…
JSON Deserialization Vulnerability – HackTheBox Time – CVE-2019-12384 Jackson RCE
Premise In this video walkthrough, we covered a vulnerability in Jackson library that uses JSON Deserialization and…
How to test if your exchange server is compromised and vulnerable
Premise In this post, I will briefly talk about testing your on-premises Microsoft exchange server is vulnerable…