top of page

Search

CSRF SameSite Strict bypass via sibling domain
This lab's live chat feature is vulnerable to cross-site WebSocket hijacking (CSWSH)
BlueDolphin
Mar 16

Exploiting CSRF: Bypassing SameSite Strict with Client-Side Redirects
This lab's change email function is vulnerable to CSRF.
BlueDolphin
Jan 26

Hack the Box - Investigation (Medium)
Engagement Flow Tools used Burpsuite EVTX Parser by omerbenamram WhatWeb Netcat SCP Ghidra Moonwalk Tactics/Techniques File upload abuse...
BlueDolphin
Dec 20, 2024

Server-Side Parameter Pollution (SSPP) Through Query Strings
YouTube Index: Introduction What is Server-Side Parameter Pollution Understanding the Query String in an API Request Example Injecting...
BlueDolphin
Nov 23, 2024

Boss Of The SOC V1 Blue Team Lab
High Level Details: Attacker 1: 40.80.148.42 Attacker 2: 23.22.63.114 CMS: Joomla Site: imnotreallybatman.com Site IP: 192.168.250.70...
BlueDolphin
Aug 14, 2024

DownUnderCTF - Web - Python Prototype Pollution
This challenge demonstrates a classic prototype pollution vulnerability.
BlueDolphin
Jul 7, 2024

UIUCTF 2024 - Fare Evasion
A Classic MD5 SQL Injection Bypass Attack.
BlueDolphin
Jul 2, 2024

US Cyber Games 2024 - Certified
Extract a plain text RSA key from HTTP, format it, save as .key, and import into Wireshark with the correct IP, PORT, and protocol for decr
BlueDolphin
Jun 10, 2024

US Cyber Games 2024 - Ding-O-Tron
Visual Workflow Summary Summary Identifying hidden functions generated dynamically was at the core of this challenge. While the giveFlag...
BlueDolphin
Jun 10, 2024

NahmaCon CTF 2024 - 1337 Malware
Follow along with my YouTube video for an interactive walkthrough. Visual Workflow summary The challenge starts with a provided PCAP file...
BlueDolphin
May 27, 2024

Splunk Incident Handling - Exploitation Detection THM series 2/7
Note - You can view my video writeup below 📺🎬🎥 https://youtu.be/xnjWVL7i7HA 📺🎬🎥 This room covers an incident Handling scenario...
BlueDolphin
May 21, 2024

Hack The Box Machine Write-Up: Codify
Checkout my YouTube Video Writeup https://youtu.be/BbXbbBDW48c Engagement Flow Tools used John Chat GPT Moonwalk Tactics/Techniques...
BlueDolphin
May 6, 2024

Hack the Box - Incident Response - Meerkat
Attackers workflow mapped Attacker's Summary This summary will cover the attackers workflow as discovered from my point of view. I...
BlueDolphin
Mar 25, 2024

Hack the Box - Forensics - Red Miners
CHALLENGE DESCRIPTION In the race for Vitalium on Mars, the villainous Board of Arodor resorted to desperate measures, needing funds for...
BlueDolphin
Mar 3, 2024

Hack the Box - WEB - Juggling facts
CHALLENGE DESCRIPTION An organization seems to possess knowledge of the true nature of pumpkins. Can you find out what they honestly know...
BlueDolphin
Feb 4, 2024

Post Incident Response - I like to - Sherlock by HTB
Attackers workflow mapped Attacker's Summary This summary will cover the attackers workflow as discovered from my point of view. I...
BlueDolphin
Dec 3, 2023

🔐 Hack The Box Machine Write-Up: PC
This machine involves RPC servers, command injection and a CVE with a twist on SQL injection and burpsuite.
BlueDolphin
Oct 30, 2023

Incident Handling with Splunk - THM Series - Phase 1/7 Reconnaissance
This room covers an incident Handling scenario using Splunk.
BlueDolphin
Oct 30, 2023

Tenable Capture the Flag - Web - Cat Viewer
SQL Injection manual (NO AUTOMATION)
BlueDolphin
Aug 13, 2023

Hack the Box - Precious
Engagement flow Summary This machine starts off with some basic web enumeration. The user learns about a web page pdf conversion...
BlueDolphin
Jun 27, 2023

Hack the Box - Soccer
Engagement Flow Summary This is my writeup for the Hack the Box Machine "Soccer". Tools Used whatweb Processes/Techniques Web enumeration...
BlueDolphin
Jun 27, 2023

Hack the Box - Stocker
Engagement Map Enumeration We start off with a casual NMAP scan including the flags for service scanning and version discovery. Initially...
BlueDolphin
Jun 27, 2023

Docker - Analyzing Images Offline
Summary Docker images offer many benefits, they can also present challenges for developers and security professionals who need to...
BlueDolphin
May 7, 2023

Docker Registry Enumeration
Enumerating Docker Registries
BlueDolphin
May 7, 2023
bottom of page