My PortSwigger Path Traversal Writeups

File path traversal, simple case

Excited to Launch a YouTube Series on malicious shellcode analysis! In Part 1, I demonstrate an approach to manually extract shellcode from multi-stage malware using a debugger. To help you follow along, the video description includes all the necessary links so you can replicate the analysis step by step. 👉 Check out the first video here: https://lnkd.in/e7qtWEbd In Part 2, I’ll discuss an approach and tool I often use to automate shellcode extraction. Be sure to subscribe so you don’t miss the next installment!

File path traversal, simple case

I have been delving into understanding various exploits and privilege escalation vectors through writing articles and crafting walkthroughs. Recently, I completed a new piece focusing on the SeLoadDriverPrivilege. Check it out here: https://lnkd.in/e7mAJYdg So if you want to learn about an older exploit & why it works, you can find it here.

Part 2 of my YouTube series on malicious shellcode analysis is now live! This installment focuses on automating shellcode extraction—a faster alternative to the manual approach I shared in Part 1. If you're tackling multi-stage malware, the tool I discuss provides a reliable and customizable way to unpack code with precision. The video covers: ✅ Automating the extraction process ✅ Extending the method with custom patterns ✅ Practical examples you can replicate Please keep the feedback coming! Drop a question or comment, and stay tuned for Part 3, where I’ll dive into strategies for analyzing extracted shellcode.

🚀 New Write-Up Alert: Solving the Machine Sea Challenge on Hack The Box (HTB) 🛠️ I’m excited to share my latest write-up, where I walk through the complete process of tackling the Machine Sea challenge from HTB. If you’re passionate about cybersecurity, penetration testing, or just love a good technical breakdown, this one’s for you! 🌐 🔍 Key Highlights: 1️⃣ Enumeration - Nmap Scan. - Directory Brute Forcing using Feroxbuster. 2️⃣ Foothold - Exploiting WonderCMS for Remote Code Execution (RCE). - Gaining Access via Reverse Shell. - Cracking Hashed Password and Logging in as User amay. 3️⃣ Privilege Escalation - Uploading and Running LinPEAS for Target Information. - Using Chisel for Port Forwarding. - Logging into Internal Service with amay's Credentials. - Exploiting System Monitor Page for Root Access. 👉 Check out the full breakdown on Medium Link Below. #HackTheBox #HTB #Writeup #Walkthrough #CyberSecurity #PenTesting #EthicalHacking

🦎Greptile can now review your pull requests! The hardest part about reviewing PRs is having full context of the codebase, which is exactly what Greptile is great at! Greptile's PR review bot can comment on things like: ✨ potential bugs introduced by the changes ✨ potential security issues introduced by the changes ✨ duplicate code which may exist elsewhere in the codebase ✨ potentially missed edge cases ...and more! Learn more here 👉 https://lnkd.in/eiwnEiHx

🚀 New Write-Up Alert: Solving the Machine GreenHorn Challenge on Hack The Box (HTB) 🛠️ I’m excited to share my latest write-up, where I walk through the complete process of tackling the Machine GreenHorn challenge from HTB. If you’re passionate about cybersecurity, penetration testing, or just love a good technical breakdown, this one’s for you! 🌐 🔍 Key Highlights: 1️⃣ Enumeration - Nmap Scan. 2️⃣ Foothold - Pluck Exploitation: Source Code Analysis : Identified that pass.php contains a hashed password. - Password Cracking : Cracked the hash to gain admin access. - RCE Exploit : Used CVE-2023–50564 PoC to gain a reverse shell. 3️⃣ Privilege Escalation - linpeas : Uploaded and ran linpeas to gather information. User Access : Exploited file owned by junior user to gain access and retrieve the USER FLAG. - PDF Analysis : Download PDF : Retrieved a PDF from junior's home directory. - Depix Tool : Used to recover a password from a pixelated image in the PDF. - Depix Execution : Processed image to extract plaintext password. 👉 Check out the full breakdown on Medium Link Below. #HackTheBox #HTB #Writeup #Walkthrough #CyberSecurity #PenTesting #EthicalHacking

I've just published an insightful article on understanding and resolving CORS (Cross-Origin Resource Sharing) errors. The piece delves an overview into the root causes of these issues, explains why they occur, and provides practical solutions for developers. From server configuration to handling preflight requests, the article covers it all. If you're troubleshooting CORS or looking to enhance your knowledge on cross-origin security, this read is for you! #CORS #WebDevelopment #TechInsights #API #Security

Hey there, Here is the detailed Walkthrough of Administrator Machine ✌️! Hope this blog informative 👈