Archangel Writeup: Log Poisoning and $PATH Hijacking on TryHackMe
Feb 8 · 12 min read · Credits Room: “Archangel”Creator: Archangel Introduction The Target: Exploiting LFI to get RCE via Log Poisoning The Problem: The default ../ path was filtered by the server when trying to exploit the LFI The Tools: RustScan, Feroxbuster & FFUF ...
Join discussionNot-So-Common, Common-Sense Security: Insecure Password Storage
Jan 30 · 5 min read · ⚠️ Legal & Ethical DisclaimerThe information presented in this post is provided for educational and informational purposes only. All techniques, tools, and examples discussed are intended to be used only in environments you own or have explicit autho...
Join discussionBurp Suite Extension: Hô biến HTTP History thành Checklist "Sạch kin kít" với Attack Surface Auto-Filter ️
Jan 29 · 6 min read · "Pentest hiện đại là cuộc chiến chống lại sự nhiễu loạn thông tin (Noise)." Nếu bạn là một Pentester hay Bug Hunter thường xuyên làm việc với các hệ thống Web Application/API phức tạp, chắc chắn bạn đã từng trải qua cảm giác này: Mở Burp Suite lên, l...
Join discussionNot-So-Common, Common-Sense Security: Anonymous Enumeration of Active Directory
Jan 2 · 5 min read · ⚠️ Legal & Ethical DisclaimerThe information presented in this post is provided for educational and informational purposes only. All techniques, tools, and examples discussed are intended to be used only in environments you own or have explicit autho...
Join discussionPentesting 개념잡기: 침투 테스트는 해킹과 무엇이 다를까?
Dec 23, 2025 · 4 min read · 보안 관련 개념 정리가 필요하다고 느꼈던 주제 중 하나인 펜테스팅(Penetration Testing)에 대해 살펴보겠습니다. 관련 자료를 찾아보다 보면 흔히 다음과 같은 설명을 접하게 됩니다. “펜테스팅은 합법적인 해킹이다.” 처음 이 표현을 접했을 때, 이해를 돕기 보다는 오히려 혼란을 키운다는 인상을 받았는데요. 해킹이라는 단어 자체가 이미 강한 부정적 이미지를 갖고 있는데, 여기에 ‘합법적인’이라는 수식어가 붙는 이유가 직관적으로 와닿지...
Join discussionWe’re Looking for Senior Pentesters Who Want Something Different
Nov 14, 2025 · 2 min read · SilentWire Cybersecurity isn’t just growing — we’re building a tight, cohesive team of offensive security professionals who believe the industry needs to change. For too long, pentesters have been treated like interchangeable tools inside massive con...
Join discussion
HTB Attacking Common Services Lab (easy) write-up
Oct 3, 2025 · 2 min read · 1. Initial Recon and Service Enumeration Scanning the target to find open doors. sudo nmap -sV 10.129.137.166 Output Snippet: PORT STATE SERVICE 21/tcp open ftp # FTP is open. Check for anon login later. 25/tcp open smtp # SMTP ...
Join discussion
FriendZone - Complete Walkthrough (OSCP preper)
Sep 28, 2025 · 4 min read · nmap Scan : # Nmap 7.94SVN scan initiated Wed Feb 21 18:25:26 2024 as: nmap -Pn -p- --min-rate 2000 -A -oN nmap.txt 10.10.10.123 Nmap scan report for 10.10.10.123 Host is up (0.011s latency). Not shown: 65528 closed tcp ports (reset) PORT STATE SE...
Join discussion
HTB CPTS: Penetration testing process
Sep 23, 2025 · 2 min read · Penetration testing is not only “cool hacking” actions and stunning results. It’s a process which has many stages. Penetration testing process There’s no step by step process in pentesting. There are stages. Each stage builds on the other Stages ...
RRevan commented