ippsec (@ippsec)'s Twitter Profile

ID: 812443128368164864

Link: https://youtube.com/c/ippsec

23-12-2016 23:41:51

4,4K Tweet

117,117K Followers

354 Following

Amal Murali (@amalmurali47)

Something that made my day recently. While going through ippsec's recent video for an HTB box he was solving, I noticed he came across my git RCE analysis during his research. As someone who's learned a ton from his HTB content, that was unexpectedly cool to see! :D

ippsec (@ippsec)

#HackTheBox MonitorsThree is up! The root of this box features exploiting backup software to create and restore a malicious backup. There's also a pretty good example of when to use error based SQL injection as part of getting a foothold on the box. youtu.be/4y2gp_GTBqQ

ippsec (@ippsec)

#HackTheBox Ghost is up! This box feels like you are attacking a small network. Some things we will exploit: LDAP Injection, Rust Webserver, AD Federation, MSSQL Linked Databases, and escalating from a child -> Parent domain via bi-directional trust. youtu.be/4dEmocjKnZg

ippsec (@ippsec)

Device Code Auth is certainly a phish I could see myself falling for, as it blends in with a regular meeting invite and doesn't require entering my password. If you don't know what a Device Code Phish is, check out this video ODsec and I did. youtu.be/Y8SSYLEq15Q

ippsec (@ippsec)

#HackTheBox LinkVortex video is up! An easy box that starts off with discovering a .git dir, which contains a cached file with a cred, that leads to exploiting an outdated version of blogging software. Root is a bash script which we exploit 3 diff ways youtube.com/watch?v=SoPIw2…

notEricaZelic (@iamericabooted)

If you have valid user creds and you know the victim uses Confluence and SSO, but M365 requires MFA, you can use those credentials to see if you can trigger an SP-Initiated SAML authentication to retrieve an SSO token. It's more complex, but, did this on a red team once.

ippsec (@ippsec)

HackTheBox Administrator video is now up! This is an assumed breach box, meaning we started out with credentials. The path is primarily AD taking advantage of GenericAll to set a password and GenericWrite to set an account up for Kerberoasting: youtu.be/Miam4nw9pmE

ippsec (@ippsec)

New video in my Hackers for Golang series: Dependency Injection. Covers why it’s crucial for clean code, with Python examples before Go. It’s complex but worth learning early. Check it out and let me know your thoughts! youtu.be/BhLpqRev80s

ippsec (@ippsec)

#HackTheBox BigBang Video is up! And it shows something I didn't know was possible, getting RCE on a file_get_contents call within PHP. It is patched as of PHP 8.3.8 (~June 2024) but I'm sure there are unpatched webservers out there. youtube.com/watch?v=Xta6fG…

ippsec (@ippsec)

If anyone is looking for something to watch, Murderbot has been surprisingly good. Apple TV always surprises me with how good their shows are.

ippsec (@ippsec)

#HackTheBox EscapeTwo Video is now up! This is an easy Windows box that starts out with finding an MSSQL Password on a File Share and ends with taking over a user, which can then take over a certificate template (ESC4). Check it out: youtube.com/watch?v=fE6BYs…

ippsec (@ippsec)

PHP Filters are the gift that keeps on giving, it blows my mind that in PHP you can convert a FileOpen() into a File Disclosure, which includes SSRF. Essentially, you use the filter to mutate the file into something much larger so that it causes an error. Then you use another

ippsec (@ippsec)

Just made the Wanderer Prep playlist live! It’s designed to help people get started with the Wanderer Pro Lab on Hack The Box (which I created). Even if you don’t plan on playing Wanderer, I’d still recommend checking this playlist out—it highlights a lot of the techniques I’ve