BigBang from Hack The Box starts off with a very tricky vuln chaining a file read in a WordPress plugin to a buffer overflow in Glibc to get RCE. Then there's Grafana and an Android APK. 0xdf.gitlab.io/2025/05/03/htb…

#HackTheBox BigBang Video is up! And it shows something I didn't know was possible, getting RCE on a file_get_contents call within PHP. It is patched as of PHP 8.3.8 (~June 2024) but I'm sure there are unpatched webservers out there. youtube.com/watch?v=Xta6fG…

A new module has been merged into NetExec: change-password🔥 Accounts with STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password. You can also abuse ForceChangePassword to reset another user's password. Made by FaganAfandiyev, Mehmetcan TOPAL and me

💥New Ep 158: "MalwareTech"💥 👀 He finally tells all. You're not going to believe it. I've been waiting for this one for a long time. I'm so happy it's finally here. darknetdiaries.com/episode/158

piece of cake 🍰. Easy box are always 1-2 steps and ur in, the same with root just few steps and ur done. Used my military technique to get the flag 😁, I was bored with that cleanup script.

Looks can be deceiving 😶‍🌫️ 2 new labs are coming to the #HackTheBox platforms this week! 🔵 Trojan, a Sherlock where you analyze the different pieces of evidence to extract IOCs and reconstruct the phases of the infection, created by MrManj 🔴 Puppy, an #HTB Seasons Machine

Congratulation to the winners 🎉

A good starting point from season 8, nice machine from Amanuel Hack The Box for a nice box

A new NetExec module just got merged: eventlog_creds🔥 It parses Windows Event ID 4688 logs (from "Audit Process Creation") to extract credentials from CMD and PowerShell commands. E.g. "net user username password /add" will be detected. Made by Lodos2005

We have just released our official writeup for the UrchinSec DTS Finals CTF challenge: 🔥 hackmd.io/@urchinsec/urc…

Things I need right now; A congratulations email or I just might lose it (Not Spams). A 2-5k$ a month role An offensive security role that I'll actually love and will learn so much on.

Well this was very interesting machine for the weekend, but with my opinion this was supposed atleast to be medium 😁. anyway Ggs #htb #fluffy #urchinsec

This was a very interesting machine today 😁 from #htb ofcz I learned something new today Ggs to Tahaa Farooq hashghost nich0laus 🎭

🚨 OSCP GIVEAWAY ALERT🚨 We’re giving away 3 OSCP vouchers to supercharge your pentesting journey – proudly sponsored by OffSec ! 💥🙌 To enter: 1.✅ Follow Us 2.🔁 Retweet this post 3.❤️ Like this post 4.💬 Reply with your funniest cybersecurity meme 🎯 We’ll pick 3

🔍⬆️ Ready to level up your PEN-200 skills? Join us for our next #OffSecLive session where we’ll walk through the PG Practice Apex machine, step by step. From information gathering to public exploits, fixing code, and tackling password attacks, this session is packed with

Just need some time to rest for sure. It was a nice box for the weekend. Ggs Tahaa Farooq nich0laus 🎭 Hack The Box

"Quitting is not a solution. Phishing is the solution." 😂😂🫵 cc Tahaa Farooq alien keric urchinsec I just pwned Sorcery on Hack The Box! hackthebox.com/achievement/ma… #HackTheBox #htb #CyberSecurity #EthicalHacking #InfoSec #PenTesting

CVE-2025-49113

Done with #Rustykey, good work by EmSec 👾 , it was a nice machine alot of troubleshooting in and out, going back to school stuffs now. Ggs to Tahaa Farooq nich0laus 🎭 hashghost

How to find the Entra ID sync server - A new NetExec module🔎 Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server. Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀