Welcome to my first CTF Writeup.

This is my write-up for the TryHackMe room on Subdomain Enumeration ↗ . Written in 2026, I hope this write-up helps others learn and…

Kasus ini menceritakan tentang suatu malam di pertengahan bulan November, ketika seorang karyawan CALE yang sedang kelelahan mendapatkan…

I Didn’t Touch The Server… But I Still Executed JavaScript (DOM XSS Explained)

Introduction – HTTP Headers Are Not “Just Metadata”

Introduction

The February Intigriti challenge was a whole vibe. We went from a simple Markdown input to full-on administrative cookie exfiltration. In…

Anthropic claims DeepSeek and other Chinese AI firms used 24,000 accounts to "pilfer" Claude's data. Inside the high-stakes battle for LLM training secrets.

This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization's ability to detect and follow-up on social engineering attacks.

Challenge: Multi-Stage Attack Chain Leading to Flag Disclosure

Ever heard of a $30 gadget opening up a corporate network in less than five minutes? Or how a simple USB stick can bypass a locked Windows…

The Hook: The Illusion of the “Strong” Password

How to prevent (Infosec) Burnout Felt like doing a very short write up about what I “attempt” to do to avoid burn outs. If you’re like me, you try to keep up to date with all the lasted hacks …

A Silent 6-Month Leak That Nobody Noticed Until It Was Too Late

Today, we’re diving into LDAP exploitation. Using the Vulnlab box ‘Baby,’ we’ll cover how to enumerate directory services, find hidden…

In a world where every byte tells a story, the most valuable skill you can own is the ability to read it.

Target Application:
https://github.com/Yavuzlar/VulnLab/tree/main

Author: safehacker_2715
Vulnerability : Insecure Direct Object Reference

SolarWinds patches four critical 9.1 CVSS RCE vulnerabilities in Serv-U. Attackers can create admin users and execute code as root. Update to 15.5.4 now!