blog.berzi.oneTryHackMe Anonymous CTF Writeup 2025💡 please note that “<ip>” in this writeup stands for the target machine’s IP given by THM I did an nmap scan for all possible ports ▶ nmap -p- <ip> Starting Nmap 7.94SVN (https://nmap.org) at 2025-02-01 15:38 EST Nmap scan report for <homeip> Host...May 4, 2025·3 min read
blog.berzi.oneAzure's defense against Subdomain takeoverHow exactly does a subdomain takeover occur? basically it is when what we have a dangling DNS record for an Azure resource (a VM or a Web app). When the Azure resource is deleted, the corresponding CNAME record stays. The attacker can find the respe...Mar 20, 2025·3 min read
blog.berzi.oneeJPT-CTF-1: Assessment Methodologies: Information Gathering CTF 1This lab focuses on information gathering and reconnaissance techniques to analyze a target website. Participants will explore various aspects of the website to uncover potential vulnerabilities, sensitive files, and misconfigurations. By leveraging ...Feb 12, 2025·2 min read
blog.berzi.oneBypass Really Simple Security Tryhackme Writeup/WalkthroughWordPress is one of the most popular open-source Content Management Systems (CMS) and it is widely used to build websites ranging from blogs to e-commerce platforms. In November 2024, a critical vulnerability was discovered in the Really Simple Secur...Feb 4, 2025·12 min read
blog.berzi.oneActive Directory: Hell-bent on KerberosSounds darn good I know right? It’s equally much of a headache. Kerberos is an authentication protocol that’s made and maintained by MIT and used in numerous applications like in Windows Active Directory. Kerberos was derived from the greek word “Cer...Jan 21, 2025·6 min read
