Archives
- 22 Sep VL Lustrous2
- 09 Jul Tool Review: WinSSH
- 01 Jul VL Intercept
- 05 May Shinra & Wutai Videos
- 28 Jan VL Shinra Part 4 - Reverse Engineering, Binary Exploitation & Ansible
- 18 Jan VL Shinra Part 3 - Initial Payload Design, Host Enumeration & getting SYSTEM
- 10 Jan VL Shinra Part 2 - Enumerate, Enumerate, Enumerate!
- 08 Jan Real World CTF 2023 – NonHeavyFTP
- 07 Jan VL Shinra Part 1 - SQLi, Command Injection & Hash Cracking
- 03 Nov Ekoparty 2022 BFS Windows Challenge
- 24 Sep Windows Kernel Exploitation - Arbitrary Memory Mapping (x64)
- 17 Sep SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation – StreamIO @ HackTheBox
- 09 Sep Browser Exploitation: Firefox OOB to RCE
- 27 Aug Resource-Based Constrained Delegation - Resourced @ PG-Practice
- 16 Jul Active Directory, JEA & Random Stuff – Acute @ HackTheBox
- 14 Jul Windows Kernel Exploitation - HEVD x64 Use-After-Free
- 10 Jul Windows Kernel Exploitation - HEVD x64 Type Confusion
- 02 Jul Windows Kernel Exploitation - HEVD x64 Stack Overflow
- 01 Jul Windows Kernel Exploitation - VM Setup
- 14 Jun Bypassing DEP with VirtualProtect (x86)
- 12 Jun Bypassing DEP with WriteProcessMemory (x86)
- 29 Jan ASP, Windows Containers, Responder & NoPAC - Anubis @ HackTheBox
- 22 Jan SSRF & Python Debugger - Forge @ HackTheBox
- 19 Jan Lab - Baby Walkthrough
- 16 Jan Lab - Rainbow Walkthrough
- 15 Jan XSS, Tab Nabbing & Rust Reversing – Developer @ HackTheBox
- 08 Jan About Kerberos Silver Tickets
- 08 Jan Command Injection & Path Hijacking - Previse @ HackTheBox
- 27 Dec Lab - Lustrous Walkthrough
- 11 Dec Lab – Exploiting Log4Shell (CVE-2021-44228)
- 05 Dec Stealing Hashes with Responder, GPO Permissions & Unintended Ways - Vault @ PG Practice
- 27 Nov Password Spraying, gMSA, ADIDNS & Constrained Delegation - Intelligence @ HackTheBox
- 20 Nov LDAP, WebDAV, LAPS & Unintended Solutions - Hutch @ PG Practice
- 06 Nov Active Directory, Reverse Engineering & Unintended Solutions - Pivotapi @ HackTheBox
- 16 Oct Dynamic DNS & Command Injection - Dynstr @ HackTheBox
- 09 Oct SSRF into Responder, gMSA Password & SeRestorePrivilege - Heist @ PG Practice
- 25 Sep SEH Based Buffer Overflow with Space Limitations - Kevin @ PG Practice
- 18 Sep HTTP Request Smuggling & AWS - Sink @ HackTheBox
- 10 Sep On Disabled Windows Privileges
- 09 Sep SEH Based Buffer Overflow & DLL Hijacking - UT99 @ PG Practice
- 04 Sep Command Injection, Prototype Pollution & Kubernetes - Unobtainium @ HackTheBox
- 28 Aug PHP Zerodium Backdoor & Sudo Knife - Knife @Hack The Box
- 28 Aug FTP to Web Shell & SeImpersonate – AuthBy @ PG Practice
- 21 Aug SQLi, ToC/ToU & Arbitrary File Write - Proper @ HackTheBox
- 14 Aug DNS Rebinding, XSS & 2FA SSH - Crossfit2 @ HackTheBox
- 31 Jul JWT & Docker CVE - TheNotebook @ HackTheBox
- 24 Jul Drupalgeddon & Sudo Snap Install - Armageddon @ HackTheBox
- 17 Jul LFI to RCE, Sticky Notes & SQLi - Breadcrumbs @ HackTheBox
- 10 Jul Electron-Updater RCE - Atom @ HackTheBox
- 03 Jul SnakeYAML, Go & WebAssembly - Ophiuchi @ HackTheBox
- 26 Jun WordPress & Initctl on ChromeOS - Spectra @ HackTheBox
- 19 Jun Squidception, OpenSMTPD & Kerberos - Tentacle @ HackTheBox
- 12 Jun PHP Unserialize & Race Condition - Tenet @ HackTheBox
- 29 May XSS, Deserialization & SeImpersonate - Cereal @ HackTheBox
- 22 May Getting Access through the Helpdesk - Delivery @ HackTheBox
- 15 May Exploiting Gitlab 11.4.7 & Escaping a Privileged Docker Container - Ready @ HackTheBox
- 10 May Angr & Basic Binary Exploitation - Binary Heaven @ TryHackMe
- 08 May Vim RCE & OpenBSD Binary Exploitation - Attended @ HackTheBox
- 01 May .NET Remoting & WCF - Sharp @ HackTheBox
- 30 Apr Year of the Jellyfish @ TryHackMe
- 24 Apr DynamoDB & S3 Buckets - Bucket @ HackTheBox
- 17 Apr Exploiting Gitlab 12.8.1 - Laboratory @ HackTheBox
- 10 Apr APT @ HackTheBox
- 03 Apr Hacking Time @ HackTheBox
- 28 Mar Passage @ HackTheBox
- 27 Mar Luanne @ HackTheBox
- 20 Mar Crossfit @ HackTheBox
- 13 Mar Reel2 @ HackTheBox
- 27 Feb Academy @ HackTheBox
- 21 Nov Buff @ HackTheBox
- 30 Jul Sauna @ HackTheBox
- 11 Jul Book @ HackTheBox
- 04 Jul ForwardSlash @ HackTheBox
- 27 Jun Player2 @ HackTheBox
- 13 Jun Monteverde @ HackTheBox
- 06 Jun Nest @ HackTheBox
- 02 Jun P.O.O. Endgame @ HackTheBox
- 30 May Resolute @ HackTheBox
- 23 May Rope @ HackTheBox
- 16 May Patents @ HackTheBox
- 09 May Obscurity @ HackTheBox
- 02 May OpenAdmin @ HackTheBox
- 18 Apr Mango @ HackTheBox
- 11 Apr Traverxec @ HackTheBox
- 04 Apr Registry @ HackTheBox
- 02 Apr Control @ HackTheBox
- 28 Mar Sniper @ HackTheBox
- 21 Mar Forest @ HackTheBox
- 14 Mar Postman @ HackTheBox
- 07 Mar Bankrobber @ HackTheBox
- 29 Feb Scavenger @ HackTheBox
- 27 Feb Dream Diary 3 @ HackTheBox
- 22 Feb Zetta @ HackTheBox
- 15 Feb Json @ HackTheBox
- 01 Feb RE @ HackTheBox
- 25 Jan AI @ HackTheBox
- 18 Jan Player @ HackTheBox
- 28 Dec InfernoCTF Weakened Keys
- 16 Dec TMHCxHTB Matrix Madness
- 17 Aug Heist @ HackTheBox
- 03 Aug Safe @ HackTheBox
- 03 Aug Release: Ropstar
- 03 Aug Fortune @ HackTheBox
- 20 Jul Craft @ HackTheBox
- 06 Jul Hackback @ HackTheBox
- 30 Jun Haystack @ HackTheBox
- 22 Jun Building a simple coverage based fuzzer for binary code
- 10 Jun Writeup @ HackTheBox
- 10 Jun Smasher 2 @ HackTheBox
- 25 May Luke @ HackTheBox
- 18 May Ellingson @ HackTheBox
- 16 May SwagShop @ HackTheBox
- 15 May Ghoul @ HackTheBox
- 04 May OneTwoSeven @ HackTheBox
- 28 Apr Unattended @ HackTheBox
- 28 Apr Bastion @ HackTheBox
- 27 Apr Irked @ HackTheBox
- 14 Apr Kryptos @ HackTheBox
- 13 Apr RedCross @ HackTheBox
- 13 Apr LaCasaDePapel @ HackTheBox
- 30 Mar Curling @ HackTheBox
- 28 Mar Helpline @ HackThebox
- 28 Mar Arkham @ HackTheBox
- 23 Mar Frolic @ HackTheBox
- 16 Mar Carrier @ HackTheBox
- 09 Mar Ethereal @ HackTheBox
- 06 Mar Abusing Diaghub
- 02 Mar Access @ HackTheBox
- 22 Feb Zipper @ HackTheBox
- 16 Feb Giddy @ HackTheBox
- 08 Feb Ypuffy @ HackTheBox