Cyber Blog​

This lab's live chat feature is vulnerable to cross-site WebSocket hijacking (CSWSH)

This lab's change email function is vulnerable to CSRF.

Engagement Flow Tools used Burpsuite EVTX Parser by omerbenamram WhatWeb Netcat SCP Ghidra Moonwalk Tactics/Techniques File upload abuse...

YouTube Index: Introduction What is Server-Side Parameter Pollution Understanding the Query String in an API Request Example Injecting...

High Level Details: Attacker 1: 40.80.148.42 Attacker 2: 23.22.63.114 CMS: Joomla Site: imnotreallybatman.com Site IP: 192.168.250.70...

This challenge demonstrates a classic prototype pollution vulnerability.

A Classic MD5 SQL Injection Bypass Attack.

Extract a plain text RSA key from HTTP, format it, save as .key, and import into Wireshark with the correct IP, PORT, and protocol for decr

Visual Workflow Summary Summary Identifying hidden functions generated dynamically was at the core of this challenge. While the giveFlag...

Follow along with my YouTube video for an interactive walkthrough. Visual Workflow summary The challenge starts with a provided PCAP file...

Note - You can view my video writeup below  📺🎬🎥 https://youtu.be/xnjWVL7i7HA 📺🎬🎥 This room covers an incident Handling scenario...

Checkout my YouTube Video Writeup https://youtu.be/BbXbbBDW48c Engagement Flow Tools used John Chat GPT Moonwalk Tactics/Techniques...