Dec 8, 2025 · 8 min read · Trong quá trình theo dõi nhóm APT Tomiris, chúng tôi đã phát hiện một loạt chiến dịch tấn công mới bắt đầu từ đầu năm 2025. Các hoạt động này nhắm vào các bộ ngoại giao, tổ chức liên chính phủ, và cơ quan nhà nước, cho thấy mục tiêu rõ ràng là cơ sở ...
Join discussion
Dec 1, 2025 · 4 min read · AESRevShell is a highly secure 🔐 reverse shell tool that uses AES-GCM (256-bit) encryption and ECDH (Curve P-256) to ensure encrypted and protected communication between the server and the client. Link to the tool: https://github.com/OusH4x/AESRevS...
Join discussion
Oct 20, 2025 · 4 min read · Transferring files During any penetration testing exercise, it is likely that we will need to transfer files to the remote server. There are few options for this: One method is running a Python HTTP server on our machine and then using wget or cUR...
Join discussion
Aug 9, 2025 · 2 min read · Problem Statement Prerequisites Network fundamentals (IP addresses, ports) netcat (basics like creating simple server) Familiarity in using a reverse shell Solution Our goal is to execute/run the shell on the server somehow, so how can we do it...
Join discussionJul 30, 2025 · 2 min read · Welcome to another breakdown in the R.A.V.E.N. series — a branded, modular approach to privilege escalation. Today, we're dissecting a black box engagement on HTB’s “GetSimple” machine, where remote exploitation leads to root access through theme tem...
Join discussion
Jul 4, 2025 · 2 min read · Oopsie: When Access Control is a Suggestion Let’s set the scene: it’s a Friday in 2025, the world’s still spinning, and I’m jacked into the HackTheBox VPN, ready to see what fresh horrors await in the Oopsie lab. The name alone suggests someone, some...
Join discussion
Jul 1, 2025 · 4 min read · In this walkthrough, we exploit a vulnerable machine titled Lazy Admin on TryHackMe. The target is running a SweetRice CMS instance with known vulnerabilities. Our objectives are to gain user-level access and ultimately escalate privileges to retriev...
Join discussion
Jun 29, 2025 · 4 min read · Introduction Self-learning cybersecurity is a gauntlet of frustration and revelation. Traditional resources—endless forums, scattered documentation, and YouTube rabbit holes—often leave you stranded at the first error message or cryptic tool output. ...
Join discussion
Jun 24, 2025 · 2 min read · Motivation When attempting to debug an issue, it can be challenging to reproduce the problem on the machine used in the CI/CD process, especially if it is different from the local development environment. Because there is no direct access to the runn...
Join discussionJun 18, 2025 · 3 min read · This article will cover the RootMe write-up under Challenges on THM. Deploy the machine Connect to the TryHackMe network and deploy the machine. If you don't know how to do this, complete the OpenVPN room first. Reconnaissance First, let's get inform...
Join discussion