
TryHackMe: Pressed CTF Walkthrough
🧰 Writeup Overview Attack Flow & Key Steps 🔻 Initial Access: Phishing Email SMTP → Malicious Macro-Enabled Document ODS 🔻 Execution: User enables content → Macro executes → Downloads &...

🧰 Writeup Overview Bypass Oracle 9’s security protocol and access the sealed transmission via a vulnerability known as AI prompt injection. Oracle9 CTF Challenge | TryHackMe We simply write a sp...

🧰 Writeup Overview This walkthrough explains how to analyze and decrypt Covenant C2 traffic to uncover attacker actions and recover. We have a zip file evidence-1724741326043.zip that contains th...

🧰 Writeup Overview This writeup details the step-by-step exploitation of an Active Directory (AD) environment vulnerable to Kerberos attacks, with a focus on AS-REP Roasting. It covers the initial ...

🧰 Writeup Overview Compromised outdated Apache Tomcat using default credentials and a malicious WAR payload for initial access, then escalated to root via a writable cron-executed script. Thomps...

🧰 Writeup Overview This challenge revolves around subdomain enumeration. TakeOver CTF Challenge | TryHackMe Discovery DNS && Subdomain Our website is located at https://futurevera.th...

🧰 Writeup Overview This writeup explains the reverse-engineering of the provided ELF binary Compiled.Compiled, culminating in finding the correct input that triggers the message Correct!. Compil...

🧰 Writeup Overview is a Linux-based machine that focuses on: Subdomain enumeration to uncover a hidden elFinder file manager Remote Code Execution (RCE) via a vulnerable PHP connector in elF...

🧰 Writeup Overview We focus on advanced paging, directory obfuscation, and exploiting vulnerabilities within JetBrains TeamCity. You will bypass authentication (CVE-2024-27198) and execute remote ...

🧰 Writeup Overview We bypassed the login page using an SQL injection and discovered an endpoint vulnerable to LFI. By chaining PHP filters, we turned the LFI into RCE and gained an initial foothol...