Quick Summary
Waldo was a great box and what makes it special is its unique way in getting the root flag. Every step with this box was very fun and I liked this box too much.
It’s a linux box and its ip is 10.10.10.87 so let’s jump right in




Nmap
Starting…

Phishing attacks are the most common form of infiltration used by Iranian state-backed hackers to gain access into accounts. Certfa reviews the latest campaign of phishing attacks that has been carried out and dubbed as “The Return of The Charming Kitten”.

Greetings! During penetration testing projects we often encounter tightly segmented networks that are almost completely isolated from the outside world. Sometimes, to solve this problem it is required of us to forward traffic through the only available protocol…

PowerShell noscript to mitigate CVE-2018-12038. The noscript takes a list of PC as input, gets their BitLocker encryption type remotely, and outputs a report as a CSV file - thom-s/remote-bitlocker-enc...

Steganography, or the method used to conceal a malicious payload inside an image to evade security solutions, has long been used by cybercriminals to spread malware and perform other malicious operations. We recently discovered malicious actors using this…

Step up your game with a modern voice & text chat app. Crystal clear voice, multiple server and channel support, mobile apps, and more. Get your free server now!

Learn about various BLE vulnerabilities and the tools and techniques employed for performing attacks on Bluetooth Low Energy devices.

This PowerShell noscript exploits a known vulnerability in Word 2016 documents with embedded online videos by injecting HTML code into a docx file, replacing the values of all pre-existing embeddedHt...

Domain User to Domain Admin
Knowing the difference between user authentication and authorization when designing secure software can be extremely important to avoid common security pitfalls. Often times application software vendors subvert the overall security…

7 votes and 0 comments so far on Reddit

7 votes and 3 comments so far on Reddit

Hidden directories and files left accidentally on the web server might be a very valuable source of sensitive information. There can be a…

One of the more common vulnerabilities on ASP.NET applications is local file disclosure. If you've never developed or worked with this technology, exploiting LFD can be confusing and often unfruitful. In the following write up I describe approaching an application…

Contribute to p4wsec/hackthebox development by creating an account on GitHub.

Everything you should know about certificates and public key infrastructure (PKI) but are too afraid to ask.

A kernelspace syscall interceptor and randomized faulter - trailofbits/krf

Introduction

KringleCon is a virtual conference for security-minded people and hackers from around the world, hosted by Santa and his team at the North Pole mid-December, 2018. Santa's goal for KringleCon is to help improve the state of cyber security world-wide, protecting…

Facebook is having to yet again apologise for another flaw which affects millions of their users - this time exposing unpublished, private photos...