Feb 18 · 5 min read · Talion suspects that the threat actor carried out anti-virtualization checks to avoid detection in sandboxed environments. Your task is to analyze the event logs and identify the specific techniques used for virtualization detection. Byte Doctor requ...
Feb 18 · 6 min read · An accounting team receives an urgent payment request from a known vendor. The email appears legitimate but contains a suspicious link and a .zip attachment hiding malware. Your task is to analyze the email headers, and uncover the attacker’s scheme....
Feb 18 · 7 min read · Sherlock Scenario Your security team must always be up-to-date and aware of the threats targeting organizations in your industry. As you begin your journey as a Threat Intelligence Intern, equipped with some SOC experience, your manager has assigned ...
Feb 17 · 3 min read · ReactOOPS is a web-focused challenge that demonstrates how modern JavaScript frameworks can introduce critical backend vulnerabilities when misconfigured. In this walkthrough, we enumerate a Next.js application, identify a vulnerable React Server Com...
Feb 10 · 3 min read · This write-up follows the same format and structure as my previous articles, combining short theoretical questions with a practical walkthrough to demonstrate how a misconfigured MySQL/MariaDB service can expose sensitive data. Task 1 During our sca...
Feb 8 · 3 min read · This article covers a mix of theoretical knowledge and hands-on practice focused on the SMB (Server Message Block) protocol. Using the Dancing room on HackTheBox, I demonstrate how basic SMB enumeration works in a real environment and how misconfigur...
Feb 8 · 3 min read · This article focuses on identifying and exploiting a misconfigured Redis service using the Redeemer room on HackTheBox. It combines essential theory with hands-on enumeration to show how exposed Redis instances can leak sensitive data. Task 1 Which ...
Feb 4 · 3 min read · Questions: According to the sources cited by Mitre, in what year did the Sandworm Team begin operations? Pretty straightforward. Just google Sandworm Team and you’ll find the MITRE listing about them. Answer: 2009 Mitre notes two credential access ...