CVE-2023-33831
This vulnerability allowed remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. This is due to…
Moniker Link (CVE-2024-21413)
On February 13th, 2024, Microsoft announced a Microsoft Outlook RCE & credential leak vulnerability with the assigned CVE of CVE-2024-21413 (Moniker Link). Haifei Li of Check Point Research is credited…
TryHackMe: Red Team Capstone Challenge
The Red Team Capstone challenge from TryHackMe is an in-depth network challenge simulating a Red Teaming engagement. The challenge includes several phases structured around the cyber kill chain that will…
TryHackMe: Kitty
Kitty from TryHackMe is a Linux machine running a web application with security vulnerabilities. We are tasked with finding the vulnerabilities and exploiting them to gain root privileges on the…
What Is Log Poisoning?
Logs are records generated by various software applications, operating systems, and network devices to keep track of events and activities. They are essential for monitoring, troubleshooting, and security analysis. Log…
GitLab CVE-2023-7028
This blog is based on TryHackMe's room on GitLab CVE-2023-7028. Learning Objectives Exploit a GitLab CE instance through CVE 2023-7028 How the exploit works Protection and mitigation measures What is…
Reveal Hidden Files in Google Storage
This blog is based on the free lab provided by PwnedLabs. PwnedLabs provides a lot of free labs to practice in the cloud environment on platforms such as AWS, GCP,…
TryHackMe: Reset
Reset is a Windows machine that is part of a domain and consists of many misconfigurations. Our goal is to perform a Pentest as a Red Teamer and exploit the…
HTTP Request Smuggling
This blog is based on the HHTP Request Smuggling room from TryHackMe. What is HTTP Request Smuggling? HTTP Request Smuggling is a vulnerability that arises when there are mismatches in…
TryHackMe: Bulletproof Penguin
Bulletproof plugin is an easy room that deals with hardening security on the common services that run on a Linux machine. This room covers services such as FTP, MySQL, Redis, SSH,…