Comprehensive analysis of security threats in Large Language Models (LLMs), attack techniques like prompt injection, and practical case study from the A.D.I.C. 7 challenge at CyberH2O CTF.
Write-up of the third and final machine from the CyberH2O cyberchallenge, an industrial environment with SNMP, OPC UA, Node-RED and privilege escalation.
Write-up of the second machine from the CyberH2O cyberchallenge, a hybrid environment with Docker containers and privilege escalation via Portainer.
Write-up of the first challenge of the CyberH2O cyberchallenge, focused on OSINT to locate an exposed PLC in a specific municipality.
Cascade write-up (HackTheBox): Windows media machine that exploits LDAP to enumerate users and hidden attributes, obtains VNC credentials from log, reverses .NET binary for AES key, and recovers admin password from deleted objects in Active Directory Recycle Bin.
Critical analysis of RustScan, the tool that promised to scan ports much faster than Nmap. Is it truly revolutionary or just an aggressive wrapper? Real comparison with advanced Nmap configurations that achieve more accurate and faster results.
First web challenge in the HackTheBox series completed. We learn how to bypass a hardcoded login in JavaScript, discover a secret area with a list of emails, and use Intruder (ZAP or Burp) to find the special address that reveals the flag.
Vault write-up (HackTheBox): average Linux machine that exploits file upload with filter bypass to obtain initial shell, pivots through OpenVPN and internal networks to escalate privileges and obtain root.
Write-up of a classic ASIS CTF challenge: bypassing a preg_match filter that prohibits letters (A-Za-z) using XOR to generate strings without letters that, when executed in eval(), call functions such as phpinfo() or show_source(). A very useful technique for understanding type juggling and WAF bypass in PHP.
Curling write-up (HackTheBox): easy Linux machine that exploits Joomla with credentials leaked in comments, uploads webshell via template, obtains floris credentials via password_backup, and escalates to root with DirtySock (CVE-2019-7304).
Explanation of how to exploit a JWT vulnerability by changing the algorithm (RS256 → HS256) and using the public key as the secret. PoC based on the Moar Horse 4 challenge from TJCTF 2020.
Exploiting XSS with filter bypass using HTML encoding and eval+atob to perform CSRF and exfiltrate sensitive administrator information in a CTF.