Comprehensive analysis of security threats in Large Language Models (LLMs), attack techniques like prompt injection, and practical case study from the A.D.I.C. 7 challenge at CyberH2O CTF.
Write-up of the third and final machine from the CyberH2O cyberchallenge, an industrial environment with SNMP, OPC UA, Node-RED and privilege escalation.
Write-up of the second machine from the CyberH2O cyberchallenge, a hybrid environment with Docker containers and privilege escalation via Portainer.
Write-up of the first challenge of the CyberH2O cyberchallenge, focused on OSINT to locate an exposed PLC in a specific municipality.
Write-up of simple CTF challenges (web and stego/crypto): type juggling in PHP, impossible conditions with is_numeric, hidden parameters in source, and stego with Stegsolve/hex.
PwnLab write-up: Init (Vulnhub): LFI with wrappers, file upload for RCE and escalation via SUID/PATH and injection in echo.
We create a dictionary with the suspect's password pattern, attack a symmetric PGP with a dictionary, and decrypt the Templar encryption to recover the FLAG.
Write-up of Fighter (HackTheBox): medium-level Windows machine exploiting time-based SQLi to extract credentials, gets RCE via xp_cmdshell + msbuild NPS payload, and escalates to SYSTEM with Capcom.sys (CVE-2019-7253) + bypass of checks.
Quaoar write-up (VulnHub): a simple machine for getting started in pentesting. We exploit WordPress with default credentials and upload a webshell for RCE, then escalate to root with DirtyCow.