Hack the Box Job
Generating malicious office documents targeting a website accepting LibreOffice-compatible documents.
BlueDolphin
5 hours ago


HTB Breach Machine
Attacking Active Directory via kerberoasting with a forged silver ticket.
BlueDolphin
Mar 6


Process Injection Investigation (TLS Callback)
Scenario: Byte Doctor suspects the attacker used a process injection technique to run malicious code within a legitimate process, leaving minimal traces on the file system. The logs reveal Win32 API calls that hint at a specific injection method used in the attack. Your task is to analyze these logs using a tool called API Monitor to uncover the injection technique and identify which legitimate process was targeted. Index: Overview Our approach Malicious binary review Windows
BlueDolphin
Dec 4, 2025


Hack the Box - SAU
`Request Baskets` instance that is vulnerable to Server-Side Request Forgery (SSRF). Leveraging the vulnerability, we gain access to a `Maltrail` instance that is vulnerable to Unauthenticated OS Command Injection, which allows us to gain a reverse shell.
BlueDolphin
Nov 19, 2025


Hack the Box Critical Ops
Summary: A vulnerable web app generated JSON Web Tokens (JWTs) on the client side. The signing secret and client-side generation logic were discoverable in the client JavaScript, allowing me to forge a valid token with elevated privileges and access the admin ticket board. This post shows how the issue was identified, exploited, and how to fix it properly. Client-side JWT token attacks: In normal circumstances the JWTs are signed by the server so endpoints can verify the t
BlueDolphin
Oct 13, 2025


🔍 Sherlock Scenario: Investigating a Malware Intrusion
🧩 Attack Summary In this Sherlock Scenario, you step into the role of a SOC analyst investigating a suspected intrusion. By analyzing...
BlueDolphin
Aug 20, 2025


Tampering Vulnerability Lab - Node JS
Check out a server-side Node.js parameter tampering vulnerability and how we can fix it.
BlueDolphin
Jul 30, 2025


Hack the Box - Sea
YouTube Video Writeup Engagement Flow Tools used Burpsuite WhatWeb OWASP ZAP Netcat Linpeas Tactics/Techniques CVE-2023-41425 - Wonder...
BlueDolphin
Jul 10, 2025


Splunk for Beginners: FREE Security Lab with Botsv3 Dataset (Dashboards, Alerts & Queries!)
Learn how to install Splunk, import security logs, run SPL queries, and build dashboards. Perfect for cybersecurity beginners seeking hands-on skills.
BlueDolphin
May 24, 2025


Pikaptchu - Hack the Box - DFIR
Scenario 🛠️ Scenario Overview An attacker sends a phishing email to the victim, claiming it's an urgent Microsoft Office update. The...
BlueDolphin
May 5, 2025


NeuroSync-D - Hack the Box Lab
| CVE-2025-29927 (auth bypass in Next.js)
| SSRF to scan and find internal services
| LFI to steal secrets
| Redis injection for command execution
BlueDolphin
Apr 11, 2025


FTP Data Exfiltration Investigation
Scenario: FTP Data Exfiltration Investigation - A major incident occurred at Forela. 20 GB of data were stolen from internal S3 buckets.
BlueDolphin
Apr 4, 2025