Lmst

VulNyx Misconfigured Writeup

A Step-by-Step Walkthrough of Enumerating AD Services and Gaining Administrator Access on the Misconfigured Machine
https://thecybercraft.medium.com/vulnyx-misconfigured-writeup-f3f35cb52673

#writeup #ctf #infosec #cybersecurity #pentest #vm

I might be a few months late, but I finally found some time to publish my "magnetic_tape" crypto challenge from #NullCon #Berlin #HackIM #CTF 2025:

https://github.com/OOTS/magnetic_tape

I included the source code (was published anyway during the CTF), my own solution, my own #writeup, and some internal files (#Dockerfile, docker-compose, minimal #python #unittests).

Also: #NullCon #Goa #HackIM #CTF 2026 is happening in a few days: https://ctf.nullcon.net
Go check it out!

VulNyx War Writeup

https://medium.com/@thecybercraft/vulnyx-war-writeup-b18f3fff41c5

#nulnyx #writeup #ctf #infosec #cybersecurity #pentesting

🤯 Eloquia (Insane) Writeup Dropped!
This Windows box required a 4-step chain:
* OAuth CSRF Takeover
* SQLite RCE
* Edge DPAPI Credential Extract
* Service Binary Race Condition \to SYSTEM
Full Guide: https://kzs.me/s6su26
#htb #insane #cybersec #writeup #ctf

Just dropped our writeup for MonitorsFour 🖥️ here: https://kaizenl.ink/5zen6j

A Windows machine featuring:
🔹 API IDOR for credential leakage
🔹 RCE via Cacti (CVE-2025-24367)
🔹 System compromise via Docker API escape

#htb #hackthebox #cybersec #writeup #ctf

With the Era box on #HTB retired I now finally can publish my writeup of this box

https://blog.maschmi.net/era-htb/

Thank you @mkalmes for reading it a few months ago and for the feedback on it. It helped me going forward with this!

I also submitted it as a community supplied walkthrough. Now I wait and hope it will be accepted 🤞

#ctf #pentest #HackTheBox #writeup

Just dropped our writeup for HackTheBox Gavel on 🔨
A Medium Linux machine featuring:
🔹 SQLi bypassing PDO protection
🔹 RCE via runkit_function_add()
🔹 Root privesc using YAML injection

Check out the full walkthrough here:
https://kaizenl.ink/7e8dgm

#HTB #hackthebox #writeup

New post on kore.one: BjörnCTF 2025 – phantom-parameters Challenge Writeup - https://kore.one/bjornctf-2025-phantom-parameters-challenge-writeup/ #BjörnCTF2025 #Crypto #Challenge #Writeup #Walktrough

New post on kore.one: BjörnCTF 2025 – gamal-vs-elgamal Challenge Writeup - https://kore.one/bjornctf-2025-gamal-vs-elgamal-challenge-writeup/ #BjörnCTF2025 #Crypto #Challenge #Writeup #Walktrough

New post on kore.one:
BjörnCTF 2025 – ez-poly Challenge Writeup - https://kore.one/bjornctf-2025-ez-poly-challenge-writeup/
#BjörnCTF2025 #Crypto #Challenge #Writeup #Walktrough

Три неудачных патча и одно озарение: реверсим клиентскую аутентификацию на HTB

Название: Bypass Категория: Reversing Сложность: Easy Ссылка: https://app.hackthebox.com/challenges/Bypass Разбираю задачу Bypass с Hack The Box. Путь от трех неудачных патчей в IDA Pro до элегантного решения с помощью dnSpy. Показываю, как выбор правильного инструмента решает всё.

https://habr.com/ru/articles/963086/

#hacking #hackthebox #реверсинжиниринг #htb #writeup #bypass #ida_pro #net #c# #dnspy