Category: Interesting Stuff

How I Hacked a Fake DMart Website and Took It Down!
This article describes the discovery and takedown of a fraudulent DMart giveaway website disguised as a legitimate promotional offer. The site was designed to collect personal user information under false pretenses. The author, a cybersecurity researcher, explores the security vulnerabilities, executes a Server-Side Template Injection (SSTI) exploit for remote code execution, and ultimately removes the scam.…
Read More
Large Ransomware Models: Hijacking LRMs With Chain-of-Thought Reasoning
This article explores the methods of exploiting large reasoning models (LRMs) to produce malicious code, specifically focusing on ransomware development. Utilizing the research from Duke’s Center for Computational Evolutionary Intelligence, the author reflects on the challenges of bypassing the ethical safeguards of LRMs while aiming to further understand and counteract ransomware threats.…
Read More
Extracting Forensic Evidence from Smartwatch Data: A CID Hackathon Experience
Smartwatches are emerging as crucial forensic tools in crime investigations, capable of providing valuable data on GPS movements, communications, and transactions. The recent CID Hackathon highlighted the process of extracting and analyzing this data to support law enforcement in solving crimes. Affected: law enforcement, forensic investigations

Keypoints :

Smartwatches can provide a wealth of forensic data beyond health metrics.…
Read More
Exploiting Android Zygote Injection CVE-2024-31317
This article discusses the Android Zygote Injection vulnerability (CVE-2024–31317) that allows attackers to perform system-wide code execution and privilege escalation on devices running Android 11 or older. The Zygote process, which forks applications, becomes a target due to a flaw in how commands are processed, allowing malicious inputs to result in unauthorized system privileges.…
Read More
Social Engineering: The Art of Psychological Exploitation Part-2
This article explores various effective phishing techniques deployed by cybercriminals to deceive users into divulging sensitive information. Techniques discussed include homograph attacks, address bar spoofing, and others that exploit user trust and browser features. Affected: users, online platforms, digital security

Keypoints :

Website phishing is a common social engineering attack.…
Read More
Make your own Pentest Lab, — Part 3 (The War)
This article provides a detailed account of a hands-on ethical hacking exercise focusing on attacking vulnerable systems and showcasing the exploits used. The first step involved scanning for vulnerabilities, followed by executing various attacks on different machines. Notable vulnerabilities exploited include EternalBlue, ZeroLogon, Apache HTTP Server Path Traversal, and Maltrail RCE.…
Read More
Chemistry Walkthrough – HackTheBox
In this article, the author details an easy Linux machine exploitation process that begins with gaining foothold through a CVE vulnerability and escalates to root access via another exploit. The author notes the machine’s slow performance and encourages patience during the tests. The walkthrough includes reconnaissance, exploitation of vulnerabilities in the Pymatgen library and Python aiohttp framework, and obtaining root access.…
Read More
From Foothold to Takeover: Mastering Pivoting Moves
This article provides an overview of pivoting and lateral movement techniques in cybersecurity, focusing particularly on the tool Ligolo-ng. Ligolo-ng is highlighted for its efficiency, user-friendliness, security features, and cross-platform compatibility, making it a valuable asset for penetration testers. The article explains how to set up Ligolo-ng and its advantages compared to other tunneling tools.…
Read More
Stored xss using PDF a bug?
This article discusses the discovery of stored XSS vulnerabilities through the upload of malicious PDFs on various company platforms, leading to Hall of Fame (HOF) recognitions for the author. The vulnerabilities allow for potential exploitation, particularly the execution of JavaScript in PDF documents. The author highlights the risk associated with improper handling of uploaded files and emphasizes the importance of using sandbox environments.…
Read More
The Ultimate Guide to VulnHub Machines for Beginners: Master Network & Web Pentesting
VulnHub is a platform that offers a safe environment for beginners to practice Vulnerability Assessment and Penetration Testing (VAPT). This guide recommends a variety of machines to enhance skills in network security, web security, and CMS exploitation, moving from beginner to advanced levels. Following this structured approach helps build practical skills and prepares learners for future certifications and career opportunities in cybersecurity.…
Read More
Make your own Pentest Lab, — Part 1 (The Creation)
The article describes a pentesting project conducted at the Rochester Institute of Technology, involving the creation of a penetration testing lab. The project is structured into three phases: setting up a vulnerable environment, implementing monitoring tools, and conducting attacks while documenting the findings. Aimed at beginners to intermediate ethical hackers, it highlights specific vulnerabilities, tools used for exploiting them, and mitigation strategies.…
Read More
8 Best AI Headshot Generators of 2025 – Tested & Reviewed (With Samples!)
AI headshot generators are revolutionizing the way individuals and professionals create high-quality profile images. As these tools gain popularity, they bring a host of cybersecurity risks, including deepfake impersonation and data privacy concerns. Understanding their functionality is crucial for mitigating these threats while embracing the convenience they offer.…
Read More
Sendai Vulnlab – ESC4 & ReadGMSAPassword for AD Domination
In the latest round of Active Directory exploitation, Maverick dives into the Sendai machine, showcasing vulnerabilities in Active Directory Certificate Services, password management, and SMB enumeration. Through strategic techniques such as password spraying and privilege escalation, an impressive path to Domain Admin is laid out, emphasizing the importance of enumeration and awareness of misconfigurations in AD environments.…
Read More
EventID 76 – SOC137 – Malicious File/Script Download Attempt | LetsDefend.io
On March 14, 2021, a security alert was triggered by a malicious file download attempt involving a macro-enabled document known as “INVOICE PACKAGE LINK TO DOWNLOAD.docm.” Analysis revealed that the file was flagged by numerous antivirus engines, indicating it contained known malware. The file was successfully blocked and quarantined, preventing any execution on the associated endpoint, NicolasPRD.…
Read More