H@cktivitycon 2021 - Web

Another late CTF writeups for H@cktivitycon 2021 web category.

HackTheBox - Love

SSRF in beginner-level

HackTheBox - Ready

Turns SSRF to remote code execution and escape from a Docker container

HackTheBox - Time

Exploiting an insecure deserialization on Jackson library and how to mitigate it