2d ago · 3 min read · Originally published at recca0120.github.io You need to connect to a machine behind NAT with no public IP and inbound traffic blocked. The usual answers are VPN or ngrok-style tunnels, but both require setup on the target. reverse_ssh has the target ...
Join discussionDec 8, 2025 · 8 min read · Trong quá trình theo dõi nhóm APT Tomiris, chúng tôi đã phát hiện một loạt chiến dịch tấn công mới bắt đầu từ đầu năm 2025. Các hoạt động này nhắm vào các bộ ngoại giao, tổ chức liên chính phủ, và cơ quan nhà nước, cho thấy mục tiêu rõ ràng là cơ sở ...
Join discussion
Oct 20, 2025 · 4 min read · Transferring files During any penetration testing exercise, it is likely that we will need to transfer files to the remote server. There are few options for this: One method is running a Python HTTP server on our machine and then using wget or cUR...
Join discussion
Aug 9, 2025 · 2 min read · Problem Statement Prerequisites Network fundamentals (IP addresses, ports) netcat (basics like creating simple server) Familiarity in using a reverse shell Solution Our goal is to execute/run the shell on the server somehow, so how can we do it...
Join discussionJul 30, 2025 · 2 min read · Welcome to another breakdown in the R.A.V.E.N. series — a branded, modular approach to privilege escalation. Today, we're dissecting a black box engagement on HTB’s “GetSimple” machine, where remote exploitation leads to root access through theme tem...
Join discussion
Jul 4, 2025 · 2 min read · Oopsie: When Access Control is a Suggestion Let’s set the scene: it’s a Friday in 2025, the world’s still spinning, and I’m jacked into the HackTheBox VPN, ready to see what fresh horrors await in the Oopsie lab. The name alone suggests someone, some...
Join discussion
Jul 1, 2025 · 4 min read · In this walkthrough, we exploit a vulnerable machine titled Lazy Admin on TryHackMe. The target is running a SweetRice CMS instance with known vulnerabilities. Our objectives are to gain user-level access and ultimately escalate privileges to retriev...
Join discussion
Jun 29, 2025 · 4 min read · Introduction Self-learning cybersecurity is a gauntlet of frustration and revelation. Traditional resources—endless forums, scattered documentation, and YouTube rabbit holes—often leave you stranded at the first error message or cryptic tool output. ...
Join discussion
Jun 24, 2025 · 2 min read · Motivation When attempting to debug an issue, it can be challenging to reproduce the problem on the machine used in the CI/CD process, especially if it is different from the local development environment. Because there is no direct access to the runn...
Join discussion
