BroScience Overview BroScience is a medium-difficulty challenge focusing on web-related vulnerabilities, source code review, and custom code writing for exploitation. This box serves as excelle...

Sekhmet Overview Sekhmet is an insane difficulty box: a lot of enumeration, exploitation of NodeJS deserialization, ModSecurity and Windows AppLocker bypass, weak ZIP encryption types, pivoting...

[Part 1] - Kerberos 102 - Overview [Part 2] - Kerberos 102 - Delegation [Part 3] - Kerberos 102 - Cross-Realm Operations Overview Kerberos delegation is a feature in the Kerberos authentication...

[Part 1] - Kerberos 102 - Overview [Part 2] - Kerberos 102 - Delegation [Part 3] - Kerberos 102 - Cross-Realm Operations Overview Kerberos cross-realm authentication, is a mechanism that enables...

In this blog post, I’m sharing a compilation of my notes that I took while trying to understand Kerberos and address my own questions. I didn’t conduct any original research, but instead, I reviewe...

Regarding to the official site, Belloo (other possible names are premiumdatingscript, lindoo, social match) is a “High quality dating software with incredible out of the box ready-to-use function...

Overview Monitors is defined as a hard-difficulty box: a lot of enumeration, 3 real-world CVE`s and docker container privilege escalation at the end. Notes Sometimes information from public e...

Overview Cap is a low-difficulty box. The exploitation and privilege escalation parts are pretty straightforward. Attention to detail and basic knowledge about Linux file capabilities are all tha...

Building a Docker Service Honeypot Introduction One of the well-known misconfigurations for docker is an exposure of control API. By default, the docker client (CLI) communicates with the daemon u...