Welcome to infophreak

Don't miss our latest intel reports, blogs, and research. Cyber-security intel, research, and community — for phreaks, by phreaks.

Become a Phreak!

Latest Intel

View all →
Halloween 2025 CTF Announcement 🎃
Capture The Flag

Halloween 2025 CTF Announcement 🎃

infophreak is hosting their 2025 Halloween CTF from October 1st to October 31st. Compete to win prizes and glory!

·Team
Your next cloud with Nextcloud + Backblaze
Cloud

Your next cloud with Nextcloud + Backblaze

In this tutorial, I will be going over how to set up your very own Nextcloud server using Docker Compose on a public cloud provider like DigitalOcean.

·hikiko
TryHackMe Room Writeup: Sakura
Capture The Flag

TryHackMe Room Writeup: Sakura

This writeup covers the TryHackMe "Sakura" room, featuring an OSINT investigation into a fictitious hacker who attacked the OSINT Dojo. This room is designed to test a diverse range of OSINT techniques, including those related to image, social media, and geolocation intelligence.

·SirPicklJohn
OSINT: Tracking a Session-Hijacking Cyberattack to an Australian Carpet Company
Intelligence

OSINT: Tracking a Session-Hijacking Cyberattack to an Australian Carpet Company

This article covers a post-incident OSINT investigation that linked a recent business email compromise back to an Australian carpet company, due to a DNS registration mishap by the attacker. Persistence and pivoting are key for investigators!

·SirPicklJohn
What IS the Dark Web Anyway?
Operations Security

What IS the Dark Web Anyway?

A bird's eye view of the Dark Web focused on the essentials. If the inner workings of the Dark Web remain a mystery to you, this post was made to change that.

·r3g1s
OverTheWire Bandit Level 0-5 Walkthrough
Capture The Flag

OverTheWire Bandit Level 0-5 Walkthrough

This is the first in a series of walkthroughs for the OverTheWire Bandit wargame, a beginner-friendly cybersecurity challenge designed to help build proficiency in Linux and foundational security skills.

·En1gma
HackTheBox - Manager (Mobile) Walkthrough
Capture The Flag

HackTheBox - Manager (Mobile) Walkthrough

A client asked me to perform security assessment on this password management application. Can you help me?

·L0WK3Y
TryHackMe - Basic Pentesting Writeup
Capture The Flag

TryHackMe - Basic Pentesting Writeup

This is a write-up of my approach to the Basic Pentesting room on TryHackMe. The room is fairly simple and focuses on testing some fundamental pentesting skills.

·En1gma
Introduction to Physical Security
Physical Security

Introduction to Physical Security

Physical security is essential to any cybersecurity strategy. Without it, attackers can bypass digital defenses. This post explores how physical access controls, surveillance, and safeguards protect systems from real-world threats.

·NickFDI
Simple Way to Lockdown Your Website with Cloudflare Access
Infrastructure

Simple Way to Lockdown Your Website with Cloudflare Access

Do you have a web application running on Docker? Maybe you found an open-source app on GitHub but aren’t quite sure how secure the application is or if it’ll even stay that way in the future. Maybe your app doesn't have features like MFA, and you don’t want to make any changes to the code...

·hikiko
Using Azure Virtual Machines as a Netcat Reverse Shell
Offensive Security

Using Azure Virtual Machines as a Netcat Reverse Shell

This article demonstrates how an Azure VM can be configured as a Netcat reverse shell listener, detailing setup steps (opening ports, running nc), potential security risks, and mitigation strategies. It highlights detection methods via Azure logging and best practices to prevent misuse.

·Javier Guerra
PortSwigger Academy - User Role Controlled by Request Parameter
Web Security

PortSwigger Academy - User Role Controlled by Request Parameter

This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter

·L0WK3Y