Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software, tracked as CVE-2023–34362, to steal data from organizations. MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, that allows the enterprise to securely transfer files between…

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023–25610, is rated 9.3 …

Learning Objectives Input validation of file upload funtionality Unrestricted file upload vulnerabilities Phishing through file uploads How to properly secure file upload functionality The Unrestricted in Unrestricted File Uploads The ability to upload files to a server has become integral to how we interact with web applications. Just think of…

Learning Objectives Web Applications The Open Web Application Security Project (OWASP) Top 10 IDOR Web Application A web application is a piece of software that we can use via a web browser. Unlike computer programs and smartphone applications, a web application does not require any installation on the user’s system to make use of…

Learning Objectives Learn the fundamentals of analysing malware samples without relying on automated sandbox scanners. Learn and understand typical malware behaviour and its importance in the incident investigation pipeline. Key Malware Behaviours Before touching the malware sample for this task, we need to briefly introduce common malware behaviours to have…

Learning Objectives Learn the fundamentals of analysing malware samples without relying on automated sandbox scanners. Learn and understand typical malware behaviour and its importance in the incident investigation pipeline. Key Malware Behaviours Before touching the malware sample for this task, we need to briefly introduce common malware behaviours to have…

The elves in Santa’s Security Operations Centre (SSOC) are hard at work checking their monitoring dashboards when Elf McDave, one of the workshop employees, knocks on the door. The elf says, “I’ve just clicked on something and now my workstation is behaving in all kinds of weird ways. …

Learning Objectives Using Metasploit modules and Meterpreter to compromise systems Network Pivoting Post exploitation Concepts What is Docker? Docker is a way to package applications, and the associated dependencies into a single unit called an image. This image can then be shared and run as a container, either locally as a developer or remotely on a…

Last Christmas I gave you my ETH Disclaimer: The purpose of this writeup is to help you when you get stuck not to do it for you. Obviously people at TryHackMe spent quite a lot of time creating this challenge. Please go through provided material first. ( you can learn something, after all. ;) What flag is found after attacking the provided EtherStore Contract? As always please read/watch the whole thing and then you can actually learn something. ;)