We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read PHP source code, forge a session cookie & upload a PHP shell. Root involves dumping sti...

We are going to solve Atom, a 30-point machine on HackTheBox where we’ll analyze an electron app and exploit its updater. For root we will enumerate the running Redis instance, find an encrypted ka...

We are going to solve Ophiuchi a 30-point machine on HackTheBox that involves a YAML parser vulnerability and a custom program we can execute with sudo, which loads a web assembly file and executes...

My video about Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to upload a malicious plugin via Metasploit and get a shell. For root, we replac...

We are going to solve Tentacle, a 40-point machine on HackTheBox which involves a bit of Squid Proxy Magic 🦑(🦑 (🦑 )), exploiting OpenSMTPD and some Kerberos.

We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race condition.

We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.

We are going to solve Delivery, a 20-point machine on HackTheBox. For user, we will bypass email verification on a local Mattermost instance by opening a helpdesk ticket and using its temporary ema...

We are going to solve Ready, a 30-point machine on HackTheBox. For user, we exploit the “Import Repo by URL” Feature in Gitlab to SSRF into Redis and add a background job which then gives us a reve...

We are going to solve “Binary Heaven”, a room on TryHackMe. It starts with some light reversing and debugging, and then we exploit a simple stack overflow followed by path hijacking for root.