Cyber Blog​

Scenario 🛠️ Scenario Overview An attacker sends a phishing email to the victim, claiming it's an urgent Microsoft Office update. The...

| CVE-2025-29927 (auth bypass in Next.js) | SSRF to scan and find internal services | LFI to steal secrets | Redis injection for command execution

This lab's live chat feature is vulnerable to cross-site WebSocket hijacking (CSWSH)

This lab's change email function is vulnerable to CSRF.

Engagement Flow Tools used Burpsuite EVTX Parser by omerbenamram WhatWeb Netcat SCP Ghidra Moonwalk Tactics/Techniques File upload abuse...

YouTube Index: Introduction What is Server-Side Parameter Pollution Understanding the Query String in an API Request Example Injecting...

High Level Details: Attacker 1: 40.80.148.42 Attacker 2: 23.22.63.114 CMS: Joomla Site: imnotreallybatman.com Site IP: 192.168.250.70...

This challenge demonstrates a classic prototype pollution vulnerability.

A Classic MD5 SQL Injection Bypass Attack.

Extract a plain text RSA key from HTTP, format it, save as .key, and import into Wireshark with the correct IP, PORT, and protocol for decr

Visual Workflow Summary Summary Identifying hidden functions generated dynamically was at the core of this challenge. While the giveFlag...

Follow along with my YouTube video for an interactive walkthrough. Visual Workflow summary The challenge starts with a provided PCAP file...