Amal PK in blog.amalpk.in · May 8 · 7 min read
Hackthebox Fluffy Walkthrough — Windows Seasonal Box
Fluffy is a realistic Windows Active Directory (AD) machine on Hack The Box's Seasonal track that simulates a corporate environment with common misconfigurations and vulnerabilities often seen in real

ctfsec in blog.ctfsecurity.com · May 2 · 2 min read
HackTheBox: Freelancer - Blind SQLi to Domain Admin
Freelancer is a medium-rated HackTheBox machine that chains a blind SQL injection vulnerability into full Active Directory compromise. Here's my full walkthrough. Reconnaissance Starting with a standa

MOHIT SINGH PAPOLA in blog.reapsec.com · Apr 19 · 11 min read
AirTouch
OVERVIEW So as always we are given an IP so let’s start the enumeration using NMAP ENUMERATION So there are only two ports that are opened one is SSH and other one is SNMP so if you do script sca

Lakshaya Sharma in blog.langersword.in · Apr 19 · 8 min read
Making Sense of Noncesense: Breaking Crypto with CRT
Cryptography is one of the most important safeguards applied over any data. To make data unreadable for unintended people is a really complex task, since if the encryption is not complex enough, it co

Neville Iregi in m0ng00s3-blog.hashnode.dev · Mar 21 · 12 min read
Hack The Box Lab: Three
Organizations of every type, size, and industry are using the cloud for a wide variety of use cases, such as data backup, storage, disaster recovery, email, virtual desktops, software development and

LEWIS SAWE in lewisawe.hashnode.dev · Mar 18 · 3 min read
JavaScript De-obfuscation HTB Walkthrough
Introduction In this module, we explore JavaScript deobfuscation, the process of reversing obfuscated JavaScript code to understand its true functionality. Obfuscation is a technique used by both legi

LEWIS SAWE in lewisawe.hashnode.dev · Mar 18 · 3 min read
Introduction to Malware Analysis, Skills Assement - HTB
Skills Assessment A cybersecurity incident has been announced. Incident Responders have swiftly collected a malware sample (apple.exe) from the implicated machine. Your responsibility now is to perfor

Ch4os1 in ch4os1.hashnode.dev · Mar 16 · 3 min read
Installing the Latest Certipy on HTB Pwnbox: A Step-by-Step Guide
If you're doing Active Directory certificate attacks on HackTheBox, you've probably heard or used Certipy - the incredible tool by Oliver Lyak for PKI abuse. However, if you've tried installing it on

Ericson Willians in scarletbuffer.hashnode.dev · Feb 26 · 5 min read
When Deserialization Meets eval(): Anatomy of a Full-Stack Compromise
Security incidents rarely hinge on a single catastrophic bug. More often, they emerge from layered design shortcuts — each individually survivable, but collectively fatal. This case study examines a r

Ameer Deen in ameerdeen.hashnode.dev · Feb 21 · 11 min read
Mastering Footprinting: How I Navigated HTB Academy’s Skills Assessment (Easy to Hard)
1. Footprinting Skill Assessment – Easy Walkthrough Scenario: We were commissioned to assess an internal DNS server belonging to Inlanefreight Ltd. The objective was to enumerate the system thoroughly