sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!

#htb


Today I updated some of my bug hunting/hacking/pen-testing techniques (some of them, ha ha, not all, I need to keep my job, unfortunately we live in capitalism and I need to pay bills). Here is one of the new sections I created with updated techniques: man.sr.ht/~rek2/Hispagatos-wik #hacking #hackerculture #hackingIsNotACrime #2600
#2600Madrid #hispagatos check them all here: man.sr.ht/~rek2/Hispagatos-wik look on the #bughunting section open for git-email patches! so send them ;) #htb #hackthebox #ctf

FUN #htb BOX! I really enjoy it!! I love #GO and #Rust ;) the first part was easy, the second part was harder but was fun! a lot of moving pieces that thrift, but knowing GO helps a LOT, attention to detail, especially with the last step! Happy Hacking!!! careful on the rabbit paths/holes! hackthebox.com/achievement/mac
#hackthebox #HackerCulture #HackingIsNotACrime #hispagatos #CTF #CaptureTheFlag #hackers #hacking

www.hackthebox.com · Owned Caption from Hack The Box! I have just owned machine Caption from Hack The Box

Curious... we've covered a number of things on the IC_Null streams so far, is there anything people are curious about in particular? I'm streaming tonight after about a month of not doing so and I'm not quite set on a topic yet :)
If this is new to you, I stream #programming, #cybersecurity, #tech etc. stuff from the perspective of a fully #blind practitioner of such things. No monitors here, just #screenReader and keyboard.
So, what do I do? #TryHackMe? #HTB Academy? Something else entirely like working with #audio? Some kind of #auditing demo? Have a website/tool for me to roast/review? Requests welcome :)
#a11y #accessibility #selfPromo #infoSec #AMA

After all night 6am around here, and before most of Sunday, #hacking at it, I was able to p0wn the new "insane" label this week's season #htb #hackthebox hackthebox.com/achievement/mac the techniques are well known, at least the ones that I used, msg me on #matrix or #usenet if stuck #HackerCulture #Hispagatos #hackers #HackingIsNotACrime find us in #usenet #alt.2600.madrid and #hispagatos.talk #Hackers #CTF #HackTheSystems

www.hackthebox.com · Owned Infiltrator from Hack The Box! I have just owned machine Infiltrator from Hack The Box

This week's #HTB #hackthebox #CTF box was a hard one, I was on and off with it since Saturday night! A lot of new technologies that I was not introduced to, like #dotnet on a #linux server (lol yes a Frankenstein) and #blazer mixed up with your #classic chained #LFI/#SSRF vulnerabilities along with new ones. I have learned a lot of new things on this one hackthebox.com/achievement/mac #hackerculture #ctf #hispagatos #HackingIsNotACrime
see ya in #usenet #alt.2600.madrid where the #hackers chat

www.hackthebox.com · Owned Lantern from Hack The Box! I have just owned machine Lantern from Hack The Box

I have more to say :) Tonight (for me that is) at 3 PM EST I will brave the tropical heat to talk more about #hackTheBox, its #accessibility, and how it stacks up with #TryHackMe who apparently feel sending out user-customized newsletters is more important than making sure people can actually use their platform 🔥 :P
Join me as we dig more into this platform and how #screenReader users would or would not use it :) see you then, over at twitch.tv/ic_null or youtube.com/@blindlycoding #infoSec #cyberSecurity #THM #HTB #CPTS #selfPromo

Twitch · IC_null - Twitch. Fully blind person hacking, coding and tinkering while using a screen reader. THM, HTB, accessibility, all the things.

Alright folx, time for a new vict...I mean... chapter. Tomorrow, we'll be taking our first look at #hackTheBox, primarily #HTb Academy. Often considered a less handholdy #tryHackMe, this is another fantastic resource for getting folks new to #infosec skilled up. But how do they fare where #accessibility is concerned? Better than THM? Worse? We'll have to see.
Checking this out tomorrow at 3 PM EST, 9 PM CEST. I'm making a bunch of noise behind the scenes, let's see if we can get some folks who actually work there to sit up and take notice. See you then over at twitch.tv/IC_Null or youtube.com/@blindlyCoding #HackTheBoxAcademy #HTBA #selfPromo #twitch #YouTube #screenReader


This is a well written and fun writeup of a HTB Ruby webapp challenge.
0xdf.gitlab.io/2024/07/06/htb-

However, the vulnerability is extremely unrealistic and contrived. Almost like they intentionally wrote a ridiculously vulnerable app. No one writing a Sinatra app would do ERB.new(File.read(...)) because Sinatra has a built-in helper method called erb which renders .erb templates from the views/ directory! Also, almost no one would ever render user input using ERB.new (string interpolation is easier and safer), unless maybe you were implementing a CMS with custom user templates and didn't know about Liquid templates.

I worry that HTB is giving beginners an unrealistic view of Ruby security with these overly contrived challenges.
#htb #ruby #security #websec #appsec #training

0xdf hacks stuff · HTB: Perfection. Perfection starts with a simple website designed to calculate weighted averages of grades. There is a filter checking input, which I’ll bypass using a newline injection. Then I can exploit a Ruby server-side template injection to get execution. I’ll find a database of hashes and a hint as to the password format used internally, and use hashcat rules to crack them to get root access. In Beyond Root, I’ll look at the Ruby webserver and the SSTI vulnerability.
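
The contrast drawn in the post above (user input compiled as ERB template source versus a fixed template that only receives data), as an added Ruby example that is not code from the post, the linked writeup or the challenge. The method names, the `category` field and both filter regexes are constructed for illustration; the filter pair shows the general Ruby anchoring behaviour that lets a multi-line value pass a line-anchored allow-list.

```ruby
require "erb"

# Constructed allow-list filters (not the challenge's own code).
# In Ruby, ^ and $ match at every line boundary, so a multi-line value
# passes if any one line matches; \A and \z anchor to the whole string.
LINE_ANCHORED   = /^[A-Za-z0-9 ]+$/
STRING_ANCHORED = /\A[A-Za-z0-9 ]+\z/

def passes_filter?(value, pattern)
  pattern.match?(value)
end

# Pattern the post calls out: user input becomes part of the template
# source, so any ERB tags inside it are evaluated on the server.
def render_unsafe(category)
  ERB.new("Category: #{category}").result(binding)
end

# Fixed template compiled once; user input is only ever data and is
# HTML-escaped on output, so ERB tags in it are never evaluated.
SAFE_TEMPLATE = ERB.new("Category: <%= ERB::Util.html_escape(category) %>")

def render_safe(category)
  SAFE_TEMPLATE.result_with_hash(category: category)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a valid first line followed by a harmless
  # arithmetic tag, enough to show whether the input gets evaluated.
  probe = "Math\n<%= 7 * 7 %>"

  puts "line-anchored filter accepts:   #{passes_filter?(probe, LINE_ANCHORED)}"
  puts "string-anchored filter accepts: #{passes_filter?(probe, STRING_ANCHORED)}"
  puts "unsafe render: #{render_unsafe(probe).inspect}"
  puts "safe render:   #{render_safe(probe).inspect}"
end
```

In a Sinatra app the fixed-template form corresponds to the built-in `erb` helper the post mentions, with user values passed in as locals rather than concatenated into the template.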

AFTER 4 WEEKS! On and off at it, I FINALLY DID IT!!! Fucking hardest machine I have ever done in #hackthebox in 6-7 years! OMG I again have all the boxes that give points done 100% hackthebox.com/achievement/mac #hispagatos #hackthesystem #hacktheplanet #HackAllTheThingz #htb #hackers #hacking #CTF #capturetheflag come to #usenet to #alt.2600 and #alt.2600.madrid FUCK YEAH I am getting drunk tomorrow!

www.hackthebox.com · Owned Corporate from Hack The Box! I have just owned machine Corporate from Hack The Box