Latest articles

cybersecurity insights & updates

Welcome to my cybersecurity blog, where I share insights, tips, and in-depth articles on the latest trends and challenges in the digital security landscape. Explore the latest posts below, each offering practical advice, detailed analysis, and solutions to help you stay secure in an increasingly connected world.

Article Image
THM - Hammer

In this lab, we performed a brute-force attack to crack a 4-digit PIN with a rate limit of 8 attempts. Once the PIN was successfully cracked, we changed the account password. Afterward, we crafted a new JWT token by exploiting the kid parameter, pointing it to a file path containing a key. Using this key, we signed the token, bypassing authentication and gaining unauthorized access.

Hammer writeup
Article Image
BYUCTF 2024 - Random (web)

Learn how to generate a JWT using HS256 and a SHA-256 hashed secret key from the app's start time. This guide covers creating the token, using it as a session cookie, and accessing protected files via an API, highlighting potential security flaws.

BYUCTF Random writeup
Article Image
HTB - Keeper

Keeper involves exploiting a helpdesk running Request Tracker. Using default creds, I accessed a user profile, found a memory dump from KeePass, and exploited CVE-2022-32784 to extract the master password. This led to a root SSH key, which I converted to OpenSSH format to gain root access.

Keeper writeup
Article Image
HTB - Cozy Hosting

HackTheBox CozyHosting, will teach you about Spring Boot active session, specific wordlist for content discovery and encoded payload to get a shell via OS command injection.

CozyHosting writeup
Article Image
Monitors Two

MonitorsTwo lab is about cacti 1.2.22 (CVE-2022-46169), getting info from important files, reused password, /sbin/capsh SUID and docker engine moby flaw (CVE-2021-41091)".

Monitors Two writeup
Article Image
HTB - SAU

HackTheBox SAU, that lab's about SSRF, request-baskets,maltrail (v.053) and CVE-2023-27163. You'll learn how to use GTFOBins to get a shell bypassing linux security restrictions.

SAU writeup
Article Image
THM - What's your name?

In this challenge I managed to get the moderator and admin's cookie via XSS/CSRF.

What's your name writeup