Cyber Blog​

🧩 Attack Summary In this Sherlock Scenario , you step into the role of a SOC analyst investigating a suspected intrusion. By analyzing...

Checkout a server side Node JS Parameter Tampering Vulnerability and how we can fix it.

YouTube Video Writeup Engagement Flow Tools used Burpsuite WhatWeb OWASP ZAP Netcat Linpeas Tactics/Techniques CVE-2023-41425 - Wonder...

Learn how to install Splunk, import security logs, run SPL queries, and build dashboards. Perfect for cybersecurity beginners seeking hands-on skills.

Scenario 🛠️ Scenario Overview An attacker sends a phishing email to the victim, claiming it's an urgent Microsoft Office update. The...

| CVE-2025-29927 (auth bypass in Next.js) | SSRF to scan and find internal services | LFI to steal secrets | Redis injection for command execution

Scenario: FTP Data Exfiltration Investigation - A major incident occurred at Forela. 20 GB of data were stolen from internal s3 buckets.

This lab's live chat feature is vulnerable to cross-site WebSocket hijacking (CSWSH)

This lab's change email function is vulnerable to CSRF.

Engagement Flow Tools used Burpsuite EVTX Parser by omerbenamram WhatWeb Netcat SCP Ghidra Moonwalk Tactics/Techniques File upload abuse...

YouTube Index: Introduction What is Server-Side Parameter Pollution Understanding the Query String in an API Request Example Injecting...

High Level Details: Attacker 1: 40.80.148.42 Attacker 2: 23.22.63.114 CMS: Joomla Site: imnotreallybatman.com Site IP: 192.168.250.70...