SQL injection UNION attack: determining the number of columns
A PortSwigger Web Security Academy lab on the first step of every UNION-based SQL injection — learning how many columns the original query returns, using ORDER BY and UNION SELECT NULL.
A Drupal 7.54 Services REST endpoint accepted PHP-serialized objects as login credentials; a crafted SelectQueryExtender injected SQL to authenticate as admin, then a cache-poison payload replaced the login handler with file_put_contents to write a PHP webshell, landing a shell as nt authority usr.
Legacy is an easy-difficulty Windows XP box and a museum piece of SMB exploitation. An unauthenticated, unpatched Server service is vulnerable to MS08-067 (and MS17-010). A single netapi exploit overflows a stack buffer and executes code as NT AUTHORITY\SYSTEM — there is no separate privilege escalation, so both flags fall from one shell.
An unpatched Windows 7 SMBv1 server is vulnerable to EternalBlue (MS17-010); a single unauthenticated kernel-pool overflow returns a SYSTEM shell, making both flags trivially reachable — this post covers recon through the user flag.
An end-of-life Samba 3.0.20 server with the 'username map script' option enabled passes the SMB logon username through a shell, so a username containing backticked shell metacharacters yields command execution as root (CVE-2007-2447) — one exploit lands a root shell and both flags.
Access is an "easy" difficulty machine that highlights how machines associated with the physical security of an environment may not themselves be secure. It also shows how accessible FTP/file shares can often lead to a foothold or lateral movement, and it teaches techniques for identifying and exploiting saved credentials.

I’m going for my OSCP soon. I’ll be releasing a lot more posts focused on hacking and Offsec. I will be doing a bunch of HackTheBoxes to prepare. Stay tuned. There’s a lot more coming.

Box Lights Out Difficulty Easy OS Linux Lights Out is an easy Linux box themed around a fake server Li...

I noticed that fast.com reported my connection at around 620 Mbps while command line tools like speedtest-cli were reporting closer to 109 Mbps. That discrepancy bothered me, so I spent an evening ...

A simple script to discover the maximum MTU supported by every device on your LAN — so you can confidently enable jumbo frames without breaking connectivity. Why Most home and lab networks run at...

A lightweight, real-time download scanner that quarantines new files in ~/Downloads, checks their SHA256 hash against VirusTotal, and only releases them once verified clean. Why Every file you do...

Device Info Model: F6D4230-4D1 Type: Consumer N150 Wi-Fi router (802.11b/g/n, 2.4 GHz) Year: 2009 (FCC approved January 2009, retail ~June 2009) Status: End-of-life / obsolete This is ...

AFW — An Application Firewall That Actually Makes Sense on Linux I don’t like running systems I don’t understand. And for years, one thing bugged me about every Linux desktop I’ve set up: outbound...

The Neutrino exploit kit is a malicious tool kit, which can be used by attackers who are not experts on computer security. Threat actors can have zero coding experience and still use exploit kits l...

I built Sysmon Builder to solve a recurring problem: beginners struggle to adopt Sysmon effectively. Sysmon is one of the most powerful sources of Windows telemetry, but its value is entirely depe...

AsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection.

XWorm is a .NET-based remote access trojan (RAT) commonly delivered through phishing campaigns and multi-stage infection chains. It enables remote control, credential theft, payload execution, and ...

I don’t like running systems I don’t understand. By default, most desktops allow all outbound traffic and only worry about inbound filtering. That model assumes trust. I wanted visibility and contr...

As I revisit my 10th Arch build and go to create what I always wanted 15 years ago, I am excited to share my experiences and what I have learned as I create this masterpiece. Browser I installed...
recommended prerequisites understanding of frameworks like mitre, lockheed martin, nist, cis 18 power user cert knowledge soc analyst triage splunk es 7.0+ vocabulary working in a soc ...