HackTheBox - Ophiuchi
Deserialization attack on YAML and reversing web assembly
Deserialization attack on YAML and reversing web assembly
Code execution with path traversal
Learn how RID cycling could be used for enumerating AD users
Finding passwords in Group Policy Preferences and roasting Kerberos
Hands on with ShellShock vulnerability
Supplying a malicious update definition to Electron-updater
Alfa starts with enumeration on FTP to obtain a username and an image file which named after a pet. …
DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …
DC-6 starts off by enumerating usernames from a WordPress website and use a brute-force attack …
Exploiting a logic flaw called TicketTrick
Turns SSRF to remote code execution and escape from a Docker container
Exploiting an insecure deserialization on Jackson library and how to mitigate it
Leveraging USBCreator for local privilege escalation on Linux
Unauthenticated RCE as SYSTEM on Windows 10 IoT
Pentesting against simulated AWS S3 Bucket
Enumerating network interfaces of a remote computer via MSRPC and exploit NTLMv1
Learn basic exploitation of Active Directory
Using BloodHound to discover abusable Active Directory groups
Seven times seven is equal to SSTI
Learn how Azure Pipelines can be abused
Example of a phishing attack and PyPI package exploitation
Tunneling with Chisel to deliver a buffer overflow exploit
Abusing Tomcat manager-script roles and escalate to root with LXC container
Abusing Backup Operators group to dump Active Directory database
Exploiting embedded system software
Plundering dead Active Directory accounts
Nest is one of my favorite machines after Forest, I learned a lot about enumeration here, especially …
Enumerating public NFS and gain access to sensitive files
SQLi for login bypass and embed webshell to an image file
Exploiting OpenNetAdmin vulnerability and sudo nano