"Online Casino Roulette – A guideline for penetration testers and security researchers"
Online Reverse Shell Generator.
Just published: "HackTheBox - Travel"
Tl;Dr: The best designed box I did so far but quite tough. You start with Git repo extract. Then blind SSRF -> Object Deserialization exploit -> Memcached injection using Gopher -> RCE. And LDAP privesc for root.
aes-finder: Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys.
Vulnerable-AD: Create a vulnerable active directory that's allowing you to test most of active directory attacks in local lab.
Oouch... that sucks...
Someone is claiming to have lost $16,000,000 (1400 Bitcoins) due to installing an old Electrum wallet version that is running malicious servers.
It's a wild wild west out there, be careful!
Just published: "Quick - HackTheBox"
Tl;Dr: For user flag, HTTP3/Quic protocol, then Edge-Side Include injections to get a reverse shell.
For the root flag you pivot to server admin using race condition in printer app and find root creds in a conf file
"Auth bypass: Leaking Google Cloud service accounts and projects"
"Stealing local files using Safari Web Share API"
"Bypassing Antivirus with Golang – Gopher it!"
Just published a writeup "Magic - HacktheBox"
Tl;Dr: Really cool box that required to chain common vulnerabilities. For user flag, SQLi to bypass login, upload blacklist bypass and creds reuse. For the root flag you had to hijack `$PATH` on SUID binary 💉
"FritzFrog: A New Generation of
"How to contact Google SRE: Dropping a shell in cloud SQL"
Great finding and writeup 👍
Tl;Dr: Arbitrary file write using MySQL -> Parameter injection in mysqldump -> dropping shell using a reverse shell shared object included in a malicious database.
"0-day vulnerability in GOG Galaxy Client v2.0.19"
Tl;Dr: GOG Galaxy Client Local Privilege Escalation Deuce using DLL injection.
"Just another Null Byte Poison via Unicode variant (MuPDF mutool RCE)"
CVE-2020-11518: How I bruteforced my way into your Active Directory (Zoho).
"RootTheBox CTF Framework": A fast, efficient and lightweight (~100 KB) Capture The Flag framework (in Flask) inspired by the HackTheBox platform.
Security Researcher & Privacy Activist. 🐘 DM are welcome for any questions.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!