
This is my writeup for Bookworm, an Insane-difficulty machine from Hack The Box.

https://blog.0x7d0.dev/writeups/hack-the-box/bookworm/

Hack The Box: Bookworm

Bookworm is an Insane-difficulty machine from Hack The Box. We will exploit an XSS vulnerability to gain access to a grandfathered feature accessible only to a few users. Subsequently, we’ll leverage a Path Traversal vulnerability to acquire an initial password. Then, we will exploit a bug in an internal HTTP service to pivot to another user. This second user will possess privileges to a system for generating shipping labels, vulnerable to a double injection, allowing us to escalate our privileges to root.

0x7D0

I've published my writeups for the Hack The Boo 2023 CTF

https://blog.0x7d0.dev/

#hackthebox #ctf

0x7D0

Cybersecurity, Hacking and stuff

0x7D0

This is how attackers successfully exfiltrated 40 million credit card numbers from Target in 2013.

https://blog.0x7d0.dev/history/how-target-was-breached-in-2013/

#cybersecurity #cyberattack #databreach

How Target Was Breached in 2013

These days, phishing is a widely discussed topic, especially during October, which is Cybersecurity Awareness Month. There are plenty of examples of companies being hacked using this technique, and the breach of 40 million credit card numbers at Target, for instance, started with a phishing attack.

0x7D0
You always hear about threat actors, but not threat musicians – makes u think

In 2017, Equifax experienced one of the largest data breaches in the world.

Here's how it happened:
https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/

#cybersecurity #cyberattack #databreach #cve

How Equifax Was Breached in 2017

On a Saturday night, a security engineer at Equifax was updating an SSL certificate on a Network Intrusion Detection System (NIDS). Immediately after, suspicious connections were detected. After a more in-depth investigation, it became evident that the situation was far graver than anticipated. A service had to be promptly shut down to prevent further exploitation, but by that point, the damage was already done. Malicious actors had been exfiltrating data for several months and had already collected personal information from 163 million customers.

0x7D0

In this article, I explain how AES encryption works and how the algorithm is implemented.

https://blog.0x7d0.dev/education/how-aes-is-implemented/

#cryptography #programming #c

How AES Is Implemented

The AES algorithm is widely used today, whether it’s for encrypting a connection to a website, encrypting data on your hard drive, or storing passwords in your favorite password manager. It has been battle-tested for many decades and is still recommended as one of the most secure algorithms. In this article, I explain how AES encryption works and how the algorithm is implemented.

0x7D0

There are several modded Discord clients available that allow you to tweak the appearance or add certain features. However, some plugins can even unlock certain functionalities that require a paid subscription to Discord Nitro.

How is this possible?

https://blog.0x7d0.dev/history/unlocking-discord-nitro-features-for-free/

#hacking #reverseengineering #javascript

Unlocking Discord Nitro Features for Free


0x7D0

Have you ever tried to download videos from YouTube? I mean manually, without relying on software like youtube-dl or yt-dlp. It’s much more complicated than you might think.

https://blog.0x7d0.dev/history/how-they-bypass-youtube-video-download-throttling/

How They Bypass YouTube Video Download Throttling

Have you ever tried to download videos from YouTube? I mean manually without relying on software like youtube-dl, yt-dlp or one of “these” websites. It’s much more complicated than you might think.

0x7D0