Axios : Supply Chain Attack
🚨 Axios Supply Chain Attack = Simple Explanation of What Happened A major software supply chain attack has just impacted the JavaScript ecosystem, targeting one of the most widely used libraries i...
Expressway is an easy-difficulty Linux machine from Hack The Box where we start with Enumeration (TCP/UDP Scans) -> IKE-Scan -> PSK Cracking (psk-crack) -> SSH Access -> Sudo CVE Check ...
GiveBack is a medium-difficulty Linux machine from Hack The Box where we exploited an unauthenticated PHP object injection in the GiveWP plugin (CVE-2024-5932) to achieve remote code execution insi...
Soulmate is an easy-difficulty Linux machine from Hack The Box where we found the hidden subdomain ftp.soulmate.htb exposing CrushFTP -> abused CVE-2025-31161 auth bypass to register a new admin acc...
Signed is a medium-difficulty Windows machine where we start with provided MSSQL credentials (scott / Sm230#C5NatH) -> abuse xp_dirtree + Responder to capture & crack the mssqlsvc NTLMv2 hash (p...
CodeTwo is an easy-difficulty Linux machine from Hack The Box where you need to register on a website and run code that is vulnerable to js2py to get RCE -> getting username and password from users....
Imagery is a medium machine from Hack The Box where I started with XSS in Bug Report -> Admin Cookie Theft -> LFI in Log Download -> Database Leak -> Command Injection in Image Transform ...
WhiteRabbit is an insane machine from Hack The Box where I started with Virtual host fuzzing revealed internal status subdomain -> Misconfigured Uptime Kuma / WikiJS stack exposed GoPhish webhook ...
Outbound is an easy-difficulty Linux machine from Hack The Box where you start with credentials for the following account: tyler / LhKL1o9Nm3X2. Roundcube RCE -> MySQL Credentials -> DES3 Decr...
My CRTP Journey: A Hands-On Dive into Active Directory Red Teaming Hey everyone! It's been a week since I earned my Certified Red Team Professional (CRTP) certification from Altered Security, and ...