Caption HackTheBox Writeup
Compromising the Caption machine by abusing GitBucket and a buggy log service to gain root access.

Articles tagged with #cybersecurity-1

NoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database.

CRLF (Carriage Return Line Feed) injection is a type of attack that targets web applications through the manipulation of HTTP headers. The term “CRLF” refers to the characters used to mark the end of a line in HTTP requests and responses. These chara...

Web Cache Deception is a technique that attackers use to manipulate caching systems and mislead web applications into serving unintended content.

About Unrested: Unrested is a medium difficulty Linux machine hosting a version of Zabbix. Enumerating the version of Zabbix shows that it is vulnerable to both CVE-2024-36467 (missing access controls on the user.update function within the CUser class...

Overview: CVE-2025-21298 is a critical vulnerability in Windows Object Linking and Embedding (OLE) technology, which enables remote code execution (RCE) with a CVSS severity score of 9.8. OLE is a proprietary Microsoft technology that allows embedding...
