Security Articles & Resources

My Journey into HTB Dante: Pivoting Through Pain, Earning the Glory

A beginner-friendly (and slightly painful) walkthrough of Hack The Box’s Dante Pro Lab. Learn how I tackled pivoting, privilege escalation, and Active Directory challenges and what tools, tips, and scripts helped me survive and thrive in this intense red teaming lab environment.

Sid Joshi

Jun 22, 2025 1 min read

active directory privileges escalation smb +1

Inside the Android App: Breaking Insecure Crypto in SharedPreferences

While analyzing an Android app during a mobile security assessment, I stumbled upon something interesting in its shared_prefs directory. I…

0xZox

Jun 18, 2025 1 min read

Android Penetration Testing Reverse Engineering

From Zero Creds to Enterprise Admin

Active Directory remains the backbone of most corporate network environments. Despite being a mature technology with decades of security research behind it, ...

xbz0n

Jun 09, 2025 1 min read

Active Directory responder

HubSpot Full Account Takeover in Bug Bounty - InfoSec Write-ups

Hi everybody, our story today will be about how I was able to get a Full account takeover on HubSpot Public Bug Bounty Program at Bugcrowd platform While I was testing authentication functions I came…

Omar Hashem

Jun 04, 2025 1 min read

Bug Bounty Cybersecurity Hacking +2

Recommended Design for a Secure Network Architecture

In this writeup, I will be discussing a new topic focusing on network security and specifically a “recommended” network architecture…

Naka

Jun 04, 2025 1 min read

Networking Cybersecurity Network Security +2

Bypassing Cloudflare WAF to Trigger Reflected XSS on a Major Health Information Platform

Overview

Kamran Khan

Jun 02, 2025 1 min read

Bug Bounty Writeup Xss Vulnerability Cloudflare

NahamCon CTF 2022 Android Writeup (Solutions)

Two days ago, I helped my friends to solve CTF NahamCon2022 challenges. I was wondering about Android challenges, so I focused on them. In this blog post, I’ll explain how I solved Android challenges. Mobilize This one was an easy challenge for beginners. Anyone could solve this. :)) I opened the APK file in Jadx-GUI. There was nothing in MainActivity. So I just searched in strings.xml, and there it is. FLAG!

Kousha Zanjani

Jun 01, 2025 1 min read

Android CTF CaptureTheFlag +1

How to Bypass Encryption Mechanism in Android Apps - InfoSec Write-ups

Hi Folks, hope you are well. As you know developers and pentesters are always into a cat and mouse game. No matter how much we want to deny the fact but we make each other’s life a little tough…

Jaimin Gohel

Jun 01, 2025 1 min read

Android Pentesting Hacking Frida +2

Understanding Integer Overflow in Windows Kernel Exploitation – White Knight Labs

In this blog post, we will explore integer overflows in Windows kernel drivers and cover how arithmetic operations can lead to security vulnerabilities. We will analyze real-world cases, build a custom vulnerable driver, and demonstrate how these flaws can impact memory allocations and system stabil

Jay Pandya

May 31, 2025 1 min read

kernel exploitation

Full-Blown SSRF to Gain Access to Millions of Users’ Records and Multiple Internal Panels

This write-up details an SSRF vulnerability that allowed unauthorized access to millions of sensitive data and internal services.

Skyer