Nocturnal is an easy machine from @hackthebox_eu : Web application which we’ll fuzz for hidden backup=>User credentials=>Admin panel=>Backup=>RCE through source code review=>User flag=>CVE-2023-46818 in ispconfig whish is a PHP RCE to land root privileges.

Happy to share that over the last weekend my team "4ay 5amseena" played @ascyberwargames Quals CTF and managed to secure 4th place with lots of 1st, 2nd and 3rd bloods 🩸 during the process💯Therefore securing a spot in the finals happening next month in Cairo, Egypt! 🇪🇬

Join millions who have switched to Grok.

Code is an easy machine from @hackthebox_eu :Exposed python interpreter=>Exposed python subclasses to execute code and get a shell=>Abuse a backup script that takes as an argument a json file, so we can request to backup the root directory => root flag.

RT @_PwnSec_: This weekend, we ranked 3rd at DeadSec CTF, took some grit and fervor to get there, considering we played WWCTF and UIU CTF s….

Cypher is a medium machine from @hackthebox_eu: Cypher injection through manipulation of error codes to =>System shell=>Exfiltrating creds. For privesc, we’ll abuse bbot with the ability to inject our own YARA rules to read the contents of the root flag.

Watching @RealJohnnyTime web3 security interviews to try and extract as much tips as possible from the best people in the field. I will be on your podcast one day, watch out!

Scepter is a hard machine from @hackthebox_eu :Exposed rpc endpoint that we can mount onto our machine =>Keys and certificates to impersonate d.baker user=>ForceChangePassword to get a.carter=>Abuse ESC14 and get h.brown=>p.adams who has DCSync privileges.

Hey Web3 comunity! Hope you are all doing well. I wanna take your advice: after you finish an audit in which you did not perform well and you want to study the findings of other people, how do you study them efficiently in a way that they become a reference for future audits?.

Hey Web3 community, I need your advice:.On each new audit, I find myself struggling and taking too much time to understand the docs and the codebase, especially for new concepts that I cant find any vulnerability cuz my mind is focused on understanding first. How do you do it?.

Dog is an easy machine from @hackthebox_eu : Exposed .git folder leaking user credentials=>Exploit an Authenticated RCE vulnerability on a Backdrop CMS instance for user. As for root, we’ll abuse bee to execute commands as root granting us system access.

Cat is a medium machine from @hackthebox_eu : Exposed git directory=>XSS to get to admin panel => SQLI to get user creds and user flag => CVE-2024-6886 which is a stored XSS in an internal instance of Gitea to get root credentials.

Haze is a hard machine from @hackthebox_eu : Splunk instance=>LFI=>Extract splunk secrets and decrypt them=>Read GMSA secrets to=>WriteOwner=>ForceChangePassword and AddKeyCredentialLink to impersonate=>Splunk secrets and=>SeImpersonatePrivilege .

Titanic is an easy machine from @hackthebox_eu : Local File Inclusion concluded from some source code analysis=>gitea app.ini=>Database file=>Crack hashes=>=Arbitrary code execution in ImageMagic CVE-2024–41817 .

INFILTRATOR insane-machine from @hackthebox_eu.

Question to SRs who have been doikg this for a long time:.How do you keep track of logic and function calls in a codebase?.If codebase is big with many contracts how do you get it well?.I spent a long time diagramming the contracts to understand well and seems I'm wasting time.

Smart Contracts in Web3 are still susceptible to Denial Of Service (DoS) attacks, even @owasp listed DoS in its' 2025 OWASP top 10. I have made a couple of examples outlining how DoS attacks can be a really dangerous vector in Today's smart Contracts.

Backfire is a medium machine from @hackthebox_eu : Leaked Havoc C2 files -> HavocC2 SSRF -> Open websocket connection to get a revshell -> Internal instance of HardHatC2 -> RCE 0-day -> Execute iptables-save as sudo -> back any file we want -> pwned.

Excited to announce I've just completed the Smart Contract Security course on @CyfrinUpdraft by @PatrickAlphaC!.A 24hrs course to learn about:.- Advanced smart contract security, Manual review, Invariant and Fuzz testing.It has been one of the best I've done in my career.

Just finished TSwap audit from @CyfrinUpdraft's Smart Contract Security course. I can say with confidence that my best 2 sections are:.- TSwap audit (fuzzing especially). - DeFi Stable Coin section from Advanced Foundry. If you still didn't do these, you're missing on a LOT!!!.

New day, new explanation from @CyfrinUpdraft.Today I have added and explained @owasp's #SC09: Insecure Randomness. We often rely on random numbers in games or other fields. So make sure to check my Smart Contract Attacks github repo where I explained this!.