EventID 76 – SOC137 – Malicious File/Script Download Attempt | LetsDefend.io
On March 14, 2021, a security alert was triggered by a malicious file download attempt involving a macro-enabled document known as “INVOICE PACKAGE LINK TO DOWNLOAD.docm.” Analysis revealed that the file was flagged by numerous antivirus engines, indicating it contained known malware. The file was successfully blocked and quarantined, preventing any execution on the associated endpoint, NicolasPRD.…
Snyk Fetch the Flag 2025 Write-Up: VulnScanner
In the Snyk Fetch the Flag 2025 CTF event, a web challenge named VulnScanner allows participants to define HTTP test specifications using YAML. The challenge revealed potential vulnerabilities through code review of API endpoints. Notable vulnerabilities include file handling in the /templates/download/ route and command execution via the /upload route after bypassing digest verification.…
6 Best AI Website Builders of 2025 — Which One is Right for You?
This article reviews and ranks the top six AI-powered website builders for 2025 based on their ease of use, features, pricing, and performance. These builders simplify the website creation process, making it accessible for both tech-savvy individuals and novices. Key highlights include unique functionalities, pricing plans, and ideal target users for each platform.…
Bug Bounty Hunting: Web Vulnerability (Cross-Site Request Forgery)
Cross-Site Request Forgery (CSRF) attacks trick authenticated users into executing unwanted actions without their consent, putting account security and sensitive information at risk. Exploits rely on forged cross-origin requests and clickjacking to bypass protections such as CSRF tokens, making effective prevention essential. Affected: websites, online services, users

Keypoints:

CSRF is a client-side attack exploiting authenticated sessions.…
Blind SQL Injection in Oracle Database: Exfiltrating Data with Burp Collaborator – SQL Injection Techniques and Exploitation Strategies
This article discusses a Blind SQL Injection vulnerability within a controlled environment that allows attackers to extract sensitive information using out-of-band techniques. The vulnerability exploits the lack of direct feedback from SQL queries to trigger external requests for data extraction. The focus is on preventing unauthorized use of these methods and responsibly addressing security threats.…
Function Hooking Using LD_PRELOAD
This article explains function hooking using the LD_PRELOAD environment variable, showcasing a hands-on example of modifying a random number guessing game to make it possible to win. It covers the theory behind function hooking, practical implementation, and details on dynamic linking. Affected: Unix-like operating systems, software applications

Keypoints:

Function hooking intercepts and modifies function calls at runtime.…
Getting the Most Value Out of the OSCP: The PEN-200 Course
This article highlights essential strategies for maximizing the experience of the PEN-200 course, focusing on the importance of building proficiency with tools, understanding the real-world implications of techniques, and leveraging industry connections. By diversifying skills in note-taking and tool usage, aspiring ethical hackers can enhance their career prospects and avoid common pitfalls in penetration testing.…
UFO-1 – Threat Intelligence
This article discusses various exercises completed as part of Threat Intelligence training on the Hack The Box platform, focusing on the Sandworm Team (also known as BlackEnergy Group and APT44). The training utilizes the MITRE ATT&CK framework to explore the tactics, techniques, and procedures (TTPs) employed by this group, analyzing their historical campaigns, tools, and methods.…
Cracking Linux Password Hashes
This article provides a detailed overview of Linux password storage methods, hashing techniques, and the tools available for password hash analysis and cracking, including John the Ripper and Hashcat. It highlights the importance of understanding these elements in achieving system security and testing resistance levels. Affected: Linux systems, cybersecurity sector

Keypoints:

Password information in Linux is stored in the /etc/shadow file.…

https://github.com/jivoi/awesome-osint

A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).

This list is intended to help anyone working in Cyber Threat Intelligence (CTI), threat hunting, or OSINT.…


https://github.com/notthehiddenwiki/NTHW/tree/nthw

There are already 2853 links on our wiki!

💥 Intro

We believe that knowledge should be free! So we collected many valuable links from various specialists in their fields and created this wiki. Regardless of whether you are just starting your adventure with cybersecurity or you have been in this world for a long time, you will definitely find something for yourself on this wiki.…

How This 999 Dollar XSS Bug Bounty Was Found in Just 17 Minutes
Cross-site scripting (XSS) vulnerabilities, particularly stored XSS, pose significant security threats in web applications, allowing attackers to hijack user sessions and steal sensitive information. By exploiting hidden input fields and using clever payloads, vulnerabilities can often be found in overlooked areas. This article illustrates a successful hunt for such a vulnerability and the critical lessons learned.…
Manual Obfuscation in PowerShell
This article explores manual obfuscation techniques for PowerShell scripts, primarily focusing on bypassing AMSI detection. It covers various methods such as string extraction, reversing strings, encoding, and combining tactics to obscure code effectively while noting the educational intention and ethical considerations. Affected: PowerShell, AMSI

Keypoints:

Manual obfuscation techniques are discussed with a focus on PowerShell scripts.…