Just dropped our writeup for MonitorsFour 🖥️ here: https://kaizenl.ink/5zen6j
A Windows machine featuring:
🔹 API IDOR for credential leakage
🔹 RCE via Cacti (CVE-2025-24367)
🔹 System compromise via Docker API escape
#ctf
One thing which really gives me pleasure doing boxes or CTFs is that there is so many different knowledge coming together. Sometimes I can feel my brain light up. (I wish I could get a fMRI of it ;) ).
Doing it in a group is also awesome, because everyone has different ideas and ways to think. So much fun :) (But I'm way too uncomfortable just joining a group of unknown people on Discord or so. Lucky for me I'm part of a small team.)
HackTheBox | Сезонное прохождение — Gavel
Перед началом разбора хочу отметить, что это один из моих первых writeup'ов в рамках сезонного ивента Season of the Gacha на HackTheBox. Машина Gavel оказалась весьма интересной и познавательной, но также она заставляет немного приложить усилий, терпения и логики. Не скажу, что у меня не было проблем с прохождением, но я думаю, что испытал внутреннее удовлетворение после прохождении, давайте приступим!
https://habr.com/ru/articles/974030/
#пентест #хакерство #hackthebox #ctf #pentesting #кибербезопасность #информационная_безопасность #sql_injection #sqlинъекции #повышение_привилегий
How does CAI handle 300+ AI models 🤖?
Cybersecurity AI (CAI) integrates a vast array of AI models, including OpenAI's GPT-4o, Anthropic's Claude 3, and custom ones like Qwen2.5. It achieves this through LiteLLM, a lightweight library supporting modular multi-model use, making AI-powered security testing efficient for diverse scenarios.
#CyberSecurity #AI #PenTesting
🔗 Project link on #GitHub 👉 https://github.com/aliasrobotics/cai
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴☠️
Реверс-инжиниринг приложений на Android: знакомство с Frida
Реверс-инжиниринг — это трудоемкая и интересная задача, которая поддается не всем. Любой может «скормить» программу декомпилятору, но не у всех хватит выдержки разобраться в хитросплетениях машинных команд. Процесс становится сложнее, если исследование проводится над программой для другого устройства, например телефона с ОС Android. Звучит сложно. Долгое время и мне так казалось, особенно при создании модов для приложений. Байт-код smali неплох, но писать на нем сложную логику вручную — неблагодарное занятие. Но недавно мне попался на глаза решение для динамического реверс-инжиниринга — Frida. Frida — это инструмент, который позволяет вживлять небольшой кусок JavaScript-кода прямо в запущенное приложение и менять его поведение. Под катом я расскажу, как работать с Frida, исследовать приложения на телефоне без root-доступа и создавать свои моды.
https://habr.com/ru/companies/selectel/articles/973526/
#selectel #ctf #frida #мобильное_тестирование #реверсинжиниринг
Who else is working on the Sidequest for #tryhackme #adventofcyber2025 and wants to team up?
AI CAI đã trở thành người dẫn đầu toàn cầu trong các cuộc thi tấn công mạng (CTF), vượt qua hàng ngàn đội người. Điều này đặt ra câu hỏi về việc liệu CTF còn là thước đo hiệu quả cho kỹ năng bảo mật của con người trong kỷ nguyên AI hay không.
#AICAI #CTF #Cybersecurity #AI #BảoMật #AnNinhMạng
AI CAI đang trở thành người dẫn đầu toàn cầu trong các cuộc thi CTF (Capture-the-Flag), vượt qua hàng ngàn đội người. Điều này đặt ra câu hỏi liệu CTF có còn là thước đo vững chắc cho kỹ năng con người trong an ninh mạng không? AI đang thay đổi cách chúng ta đánh giá tài năng bảo mật!
#AI #Cybersecurity #CTF #OffensiveSecurity #MachineLearning #AnNinhMạng #TríTuệNhânTạo
How does RAPTOR make AI-driven security smarter? 🦖🤖
RAPTOR fuses Claude Code with advanced tools like Semgrep, CodeQL, and AFL to create an autonomous security agent. It scans code, fuzzes binaries, analyzes vulnerabilities, and even generates patches or exploits—all while orchestrating defensive and offensive workflows. #CyberSecurity #AI
🔗 Project link on #GitHub 👉 https://github.com/gadievron/raptor
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴☠️
Today was a fun day. It had been a while doing CTF's. So I am not an expert but enjoyed doing it.
The #SURFcert put in a lot of effort to make it nice. So kudos to the organization. Hopefully I can join next year again 😄
🎄 Missed last year’s #radare2 Advent Calendar? No worries — the challenges are still live and ready to hack! Share your progress in the fediverse! 💪✨ #ReverseEngineering #CTF #infosec #radare2
https://radare.org/advent/
Just setting up some automated tests, where i need to connect some virtual serial ports of #qemu processes.
I noticed that my #socat skills have become quite rusty.
A sign that it's time for some #ctf fun and to pop some shells. Any suggestion? Where do you play these days? Is #hackthebox still a place go?
Ever wished for a tool that simplifies endpoint discovery? 🔍✨
Hakrawler is a blazingly fast web crawler built with Go, ideal for pentesting and reconnaissance. It extracts URLs, assets, and JavaScript files effortlessly, and its command-line options—like proxy support, JSON output, or subdomain crawling—offer flexibility for advanced workflows. Combine it with tools like Haktrails for robust OSINT.
#cybersecurity #pentesting #opensource
🔗 Project link on #GitHub 👉 https://github.com/hakluke/hakrawler
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴☠️
During LakeCTF 2025 quals, I've worked on couple of challenges. Here's solution to Another Android Applaketion:
https://allthingsreversed.io/20251130-AnotherAndroidApplaketion.html #ctf #lakectf #reversing
With the Era box on #HTB retired I now finally can publish my writeup of this box
https://blog.maschmi.net/era-htb/
Thank you @mkalmes for reading it a few months ago and for the feedback on it. It helped me going forward with this!
I also submitted it as a community supplied walkthrough. Now I wait and hope it will be accepted 🤞
1/x
*** Update on my personal CyberSec journey
I haven‘t posted a lot recently, which doesn‘t mean I was lazy. The last weeks entertained several CTFs (PlatyPwn, Huntress, hack.lu, UniR) and also some fun professional events and great people with a focus on the EU Cyber Resilience Act (project networks, qSkills, and an event I hosted at my employer).
More in comments.
#ctf #cybersecurity #platypwn #huntress #hacklu #eucra #cra #arm64 #angr #tryhackme #thm #adventofcyber #39c3 #pwncollege
RE: https://infosec.exchange/@Pwn_la_Chapelle/115637890475138045
I had a great time and I’d be happy to contribute new challenges again next year :underheart: . Tinyhaj would like to thank everyone for the solves helping him.
I created and a bunch of great memes that will hopefully end up in the fediverse at some point.”
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst