00xryzinn1ghtm4r3.hashnode.devIDOR Fallout: Leaking 2 Million Sensitive Files with a Simple TrickWhen you see a public bug bounty program that has been running for over a decade, the assumption is usually that it's been picked completely clean. Every obvious endpoint has been hammered, and every 1d ago·8 min read
SRSatyam Rastogiinsatyamrastogi.hashnode.devShields Up Defense Tech: Red Team Attack Surface ExpansionOriginally published on satyamrastogi.com Analysis of how cybersecurity defense technologies introduce new attack surfaces. Red team perspective on exploiting AI-powered security tools, cloud-native defenses, and zero trust architectures for initial...2m ago·5 min read
MRMohammad Reza Mirzadzareinblog.mirzadzare.netIP Spoofing to Account Takeover: You Patched It? Really?Abstract In my previous article, I described how I found a security flaw in a popular desktop app's OAuth flow that allowed me to steal any user's account with just one click. I reported it, saw it pa2d ago·7 min read
00xryzinn1ghtm4r3.hashnode.devBug Bounty Cartel Stories - 1 Year Later“Can a man still be brave if he’s afraid?” “That is the only time a man can be brave.” — George R.R. Martin, A Game of Thrones. - This article was originally published on December 28, 2025, on my GitHub page. I’m republishing it here as part of the ...4d ago·13 min read
NDnickson diazinpruba.hashnode.devDream Job-1 | HackTheBoxSherlock Scenario You are a junior threat intelligence analyst at a Cybersecurity firm. You have been tasked with investigating a Cyber espionage campaign known as Operation Dream Job. The goal is to gather crucial information about this operation. E...3d ago·5 min read
NDnickson diazinpruba.hashnode.devCampfire-1 | HacktheboxDificultad: Very Easy Scenario Alonzo Spotted Weird files on his computer and informed the newly assembled SOC Team ASAP. Assessing the situation it is believed Kerberoasting attack may have occurred in the network. It is your Job to confirm the find...3d ago·6 min read
NDnickson diazinpruba.hashnode.devSmartyPants | HackTheBoxSherlock Scenario Forela’s CTO, Dutch, stores important files on a separate Windows system because the domain environment at Forela is frequently breached due to its exposure across various industries. On 24 January 2025, our worst fears were realise...3d ago·5 min read
NDnickson diazinpruba.hashnode.devXML RAT | CyberdefendersScenario A compromised machine has been flagged due to suspicious network traffic. Your task is to analyze the PCAP file to determine the attack method, identify any malicious payloads, and trace the timeline of events. Focus on how the attacker gain...3d ago·5 min read
NDnickson diazinpruba.hashnode.devUFO-1 | HackTheBoxSherlock Scenario Being in the ICS Industry, your security team always needs to be up to date and should be aware of the threats targeting organizations in your industry. You just started as a Threat intelligence intern, with a bit of SOC experience....3d ago·5 min read
NDnickson diazinpruba.hashnode.devReaper | hacktheboxSherlock scenario Our SIEM alerted us to a suspicious logon event which needs to be looked at immediately . The alert details were that the IP Address and the Source Workstation name were a mismatch .You are provided a network capture and event logs ...3d ago·5 min read