[TryHackme] – Olympus
6 min read TryHackMe – Olympus Room designed by G4vr0ch3. Continuer la lecture
My first CVE (2021-24856) – WordPress Plugin
2 min read The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks. Continuer la lecture
[TryHackme] – Empline
4 min read Are you good enough to apply for this job ? Continuer la lecture
BTLO – Network Analysis – Web Shell
4 min read The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system. Continuer la lecture
HackTheBox : Shocker
3 min read Shocker is a retired HTB (Hack The Box) machine that is based on the ShellSock vulnerability, in this machine we will not use metasploit. Continuer la lecture
Linux Privilege Escalation : Docker Group
3 min read In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker. Continuer la lecture
CloudFlare : Real visitor IPs in Nginx logs
2 min read Real visitor IPs in Nginx logs when using CloudFlare. Continuer la lecture
[TryHackme] – Gallery
4 min read Gallery is a tryhackme room designed by me. You will exploit an SQL injection and deal with a custom script to escalate to the root user. Continuer la lecture
FCSC 2021 : BaguetteVPN 2
3 min read Voici le write up du challenge Baguette VPN n°2 du France Cybersecurity Challenge (FCSC 2021)
Le but est de récupérer le secret contenu dans l’API. Continuer la lecture
Linux Privilege Escalation : Python Library Hijacking
3 min read Linux Privilege Escalation with Python Library Hijacking.
Python will prioritize the execution of our malicious module instead of the usual path Continuer la lecture
