In this web content, we explore the Securi-Tay 2020 TryHackMe boot-to-root challenge, highlighting the various unconventional techniques used to gain access to a target system. The article details an adventure filled with port misconfigurations, steganography,…
Category: Interesting Stuff
The article provides walkthroughs for various challenges in the PicoCTF 2025 competition, focusing on different aspects of cybersecurity such as cryptography, reverse engineering, and web exploitation. It details methods for cracking hashes, decoding encrypted…
This article provides a personal review of the CompTIA Security+ (SY0–701) exam preparation journey, highlighting effective strategies and resources used for studying. It emphasizes the importance of understanding core concepts and practical application over r…
A wave of cybersecurity incidents has revealed vulnerabilities across various platforms, affecting developers, healthcare providers, enterprises, and individuals. Notably, npm packages were compromised to steal sensitive information, a critical flaw was patche…
This article discusses various known attack surfaces and potential risks associated with GitLab, highlighting a range of vulnerabilities, including Remote Code Execution (RCE), SSRF, XSS, and permission escalation issues. The information covers the history of …
In a chaotic quest to reclaim the Dragon’s Heart, Sir Alaric must confront Lord Malakar, who has cursed villagers into ducks. The solution involves exploiting a coding vulnerability to bypass security measures and execute a ‘duck_attack’ function, showcasing t…
This article provides an educational overview of PsExec, a Windows utility for executing commands on remote systems using valid user credentials. It discusses the process of performing penetration testing using PsExec, including scanning for SMB services, brut…
This article describes a lab project focused on detecting obfuscated PowerShell attacks using Sysmon, Winlogbeat, and the ELK stack. It highlights the challenges presented by attackers utilizing PowerShell and command-line obfuscation, aiming to provide defend…
This article provides a detailed write-up on a recent Active Directory exploitation exercise. The author, known as Maverick, shares their experiences and methods used for exploiting vulnerabilities such as NTLM relay attacks, credential dumping, and privilege …
A critical vulnerability identified as CVE-2025-29927 has been discovered in Next.js, a widely-used web framework. This flaw enables attackers to bypass middleware-based authorization, posing significant security risks for applications built on Next.js, includ…
Biotech firms, holding sensitive data such as patient genomes and drug formulas, are prime targets for cyberattacks due to their high value. Cybercriminals can exploit such data for financial gain, leading to risks that include compromised patient safety and l…
This article discusses updates made to BloodHound, specifically regarding how it handles ownership permissions in Active Directory. The introduction of the BlockOwnerImplicitRights setting aims to reduce false positives related to ownership permissions, enhanc…
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing…
The TCS HackQuest competition serves as a recruitment event for Tata Consultancy Services, targeting final-year undergraduate and postgraduate students. The selection process includes three categories and consists of two CTF rounds followed by an interview. De…
This article outlines strategies for maximizing the benefits of the PEN-200 labs in preparation for the OSCP exam, highlighting the importance of report writing, personal lab development, and the establishment of a structured testing methodology.