3 min readMika discovered and reported this Open Redirection. This could allow a malicious actor to redirect users from one site to the other due to the redirect URL not being validated. Users could be tricked to visiting a legitimate site to then be redirected to a malicious site and cause a phishing incident. This vulnerability has been fixed in version 3.6.4.4. Continuer la lecture
3 min readWe will explain how to use John the Ripper, a tool used to crack passwords, to crack a passphrase of an SSH Private Key with the famous wordlist rockyou.txt. Continuer la lecture
6 min readTryHackMe – Olympus Room designed by G4vr0ch3. Continuer la lecture
2 min readThe plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks. Continuer la lecture
4 min readAre you good enough to apply for this job ? Continuer la lecture
4 min readThe SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system. Continuer la lecture
3 min readShocker is a retired HTB (Hack The Box) machine that is based on the ShellSock vulnerability, in this machine we will not use metasploit. Continuer la lecture
3 min readIn this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker. Continuer la lecture
4 min readGallery is a tryhackme room designed by me. You will exploit an SQL injection and deal with a custom script to escalate to the root user. Continuer la lecture
3 min readVoici le write up du challenge Baguette VPN n°2 du France Cybersecurity Challenge (FCSC 2021)
Le but est de récupérer le secret contenu dans l’API. Continuer la lecture
