HackTheBox - Manager (Mobile) Walkthrough
A client asked me to perform security assessment on this password management application. Can you help me?
Your friendly neighborhood malware analyst. Stay tuned, as I clear out my massive backlog of content! 🙂
A client asked me to perform security assessment on this password management application. Can you help me?
This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter
This lab has an unprotected admin panel. Solve the lab by deleting the user carlos.
SonarQube is an open-source SAST platform for continuous inspection of code quality, ensuring clean, maintainable, and reliable code. By integrating it with Docker, you can effortlessly manage its deployment, making it portable and easily scalable...
This lab's administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end.
This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
This blog serves to be an updated guide on how to install Bootloader/Fastboot drivers for your Android device. I will be using the Google drivers in this tutorial, so no suspicious downloads will be used at all in this blog!
This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos.
This app contains some unique keys. Can you get one?
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
Cosmo Whales is an infostealer campaign masquerading as a Web3 videogame. Threat actors have been observed in the wild distributing malware via job advertisements for a Web3 game called Cosmo Whales.
We will investigate host-centric logs in this challenge room to find suspicious process execution. To learn more about Splunk and how to investigate the logs, look at the rooms splunk101 and splunk201.
You won't find the admin's secret password in this binary. We even encrypted it with a secure one-time-pad. Can you still recover the password?
This blog aims to provide a clear and comprehensive understanding of threat intelligence and threat hunting, their differences and how they work together.
TIS-100 is an open-ended programming game by Zachtronics, the creators of SpaceChem and Infinifactory, in which you rewrite corrupted code segments to repair the TIS-100 and unlock its secrets. It’s the assembly language programming game you never asked for!
In a dramatic turn of events, CrowdStrike's latest update inadvertently triggered the dreaded Blue Screen of Death (BSOD) for numerous users. As if the chaos wasn't enough, opportunistic threat actors seized the moment, posing as CrowdStrike support to distribute malware...
There is something on my shop network running at `nc mercury.picoctf.net 16524`, but I can't tell what it is. Can you?
Testing and validation form a part of the life cycle of every security system in the cybersecurity world. In the ever-increasing pantheon of tools at the disposal of security researchers stands one that has grown to become a de facto standard for testing...
It's a Friday evening at PandaProbe Intelligence when a notification appears on your CTI platform. While most are already looking forward to the weekend, you realize you must pull overtime because SwiftSpend Finance has opened a new ticket, raising concerns about potential malware threats.
Wannacry is a ransomware that utilized the EternalBlue exploit to propagate through the targets network and attacked outdated Windows computers globally in May of 2017.
Malware analysis is a crucial discipline within the field of cybersecurity that involves the in-depth examination of malicious software, often referred to as "malware."
This room is dedicated for the RE challenges, each challenge has unique concepts divided in each binaries. As if now only phase 1 is added will decide about phase 2 on response. Developed by WhiteHeart and tested by IslaMukheef
Forela is in need of your assistance. They were informed by an employee that their Discord account had been used to send a message with a link to a file they suspect is malware...