Process Injection Investigation (TLS Callback)
Scenario: Byte Doctor suspects the attacker used a process injection technique to run malicious code within a legitimate process, leaving minimal traces on the file system. The logs reveal Win32 API calls that hint at a specific injection method used in the attack. Your task is to analyze these logs using a tool called API Monitor to uncover the injection technique and identify which legitimate process was targeted. Index: Overview Our approach Malicious binary review Windows
BlueDolphin
Dec 4, 2025


Hack the Box - SAU
`Request Baskets` instance that is vulnerable to Server-Side Request Forgery (SSRF). Leveraging the vulnerability, we gain access to a `Maltrail` instance that is vulnerable to Unauthenticated OS Command Injection, which allows us to gain a reverse shell.
BlueDolphin
Nov 19, 2025


Hack the Box Critical Ops
Summary: A vulnerable web app generated JSON Web Tokens (JWTs) on the client side. The signing secret and client-side generation logic were discoverable in the client JavaScript, allowing me to forge a valid token with elevated privileges and access the admin ticket board. This post shows how the issue was identified, exploited, and how to fix it properly. Client-side JWT token attacks: In normal circumstances the JWTs are signed by the server so endpoints can verify the t
BlueDolphin
Oct 13, 2025


🔍 Sherlock Scenario: Investigating a Malware Intrusion
🧩 Attack Summary In this Sherlock Scenario, you step into the role of a SOC analyst investigating a suspected intrusion. By analyzing...
BlueDolphin
Aug 20, 2025


Tampering Vulnerability Lab - Node JS
Check out a server-side Node JS Parameter Tampering Vulnerability and how we can fix it.
BlueDolphin
Jul 30, 2025


Hack the Box - Sea
YouTube Video Writeup Engagement Flow Tools used Burpsuite WhatWeb OWASP ZAP Netcat Linpeas Tactics/Techniques CVE-2023-41425 - Wonder...
BlueDolphin
Jul 10, 2025


Splunk for Beginners: FREE Security Lab with Botsv3 Dataset (Dashboards, Alerts & Queries!)
Learn how to install Splunk, import security logs, run SPL queries, and build dashboards. Perfect for cybersecurity beginners seeking hands-on skills.
BlueDolphin
May 24, 2025


Pikaptchu - Hack the Box - DFIR
Scenario 🛠️ Scenario Overview An attacker sends a phishing email to the victim, claiming it's an urgent Microsoft Office update. The...
BlueDolphin
May 5, 2025


NeuroSync-D - Hack the Box Lab
| CVE-2025-29927 (auth bypass in Next.js)
| SSRF to scan and find internal services
| LFI to steal secrets
| Redis injection for command execution
BlueDolphin
Apr 11, 2025


FTP Data Exfiltration Investigation
Scenario: FTP Data Exfiltration Investigation - A major incident occurred at Forela. 20 GB of data were stolen from internal S3 buckets.
BlueDolphin
Apr 4, 2025


CSRF SameSite Strict bypass via sibling domain
This lab's live chat feature is vulnerable to cross-site WebSocket hijacking (CSWSH).
BlueDolphin
Mar 16, 2025


Exploiting CSRF: Bypassing SameSite Strict with Client-Side Redirects
This lab's change email function is vulnerable to CSRF.
BlueDolphin
Jan 26, 2025