Category: cybersecurity
-
Defhawk CTF Writeup – NextJS Middleware Bypass
In this article, I will walk you through a CTF that simulates the NextJS middleware bypass vulnerability described in CVE-2025-29927. I will also discuss a simple Python POC that Google Gemini wrote for me. This helped me understand the vulnerability and find the flag. CTF Description: https://defhawk.com/battleground/raid/appliedoffsecandwebsecurity/fakeestate The CTF link provides the following description: “You…
-
Defhawk CTF Writeup – THE LABS INTERNAL BREACH
In this article, I will walk you through how I solved this CTF. The CTF is described as follows: An internal reconnaissance phase has revealed that Internal Industrial System is running a legacy support portal for its OT (Operational Technology) engineers. While the portal isn’t directly exposed to the public internet via its IP, we suspect…
-
Defhawk CTF Writeup – Multiple XSS
In this writeup, I will walk you through a 3-level XSS CTF, available at the following link: https://defhawk.com/battleground/raid/applied-off-sec-and-web-security/multiple-xss. The goal of these challenges is to trigger a pop-up that says “defhawk” by bypassing the filters at that level. Click on Play Challenge to launch the web page with the challenge. Level 1 Click on…
-
Remcos RAT Basic Analysis Using BinaryRefinery
As part of my malware analysis learning journey, I came across this interesting analysis by @Cryptoware at https://www.youtube.com/watch?v=YPQuru6RISo&ab_channel=CryptoW%40re. The analyst uses the regular-expression-based find-and-replace feature of Sublime Text to de-obfuscate a Remcos RAT malware sample (Windows BAT file variant). The BAT file has 2 components – a part obfuscated in Arabic text and another base…
-
Windows File Drop List
I recently came across this interesting post on X documenting an approach to dumping File Drop Lists from the clipboard. Documenting my 5 minutes of research into this topic. What is a File Drop List? A file drop list in Windows is a collection of strings that contain file path information. It is stored in the…
-
TryHackMe Basic Malware RE - Strings::Challenge 3
Introduction This series of posts provides a writeup of the tools and methods I used to crack the Malware RE samples listed in the following THM Room – https://tryhackme.com/r/room/basicmalwarere. In this writeup, we look at the 3rd challenge (Strings3). I am a malware RE newbie and these methods are by no means the best way…
-
TryHackMe Basic Malware RE - Strings::Challenge 2
Introduction This series of posts provides a writeup of the tools and methods I used to crack the Malware RE samples listed in the following THM Room – https://tryhackme.com/r/room/basicmalwarere. In this writeup, we look at the 2nd challenge (Strings2). I am a malware RE newbie and these methods are by no means the best way…
-
TryHackMe Basic Malware RE - Strings::Challenge 1
Introduction This series of posts provides a walkthrough of the tools and methods I used to crack the Malware RE samples listed in the following THM Room – https://tryhackme.com/r/room/basicmalwarere. I am a malware RE newbie and these methods are by no means the best way to crack the samples and find the flag. Comments and…
-
Preliminary Analysis of the WannaCry Malware Dropper
Executive Summary The following are the hashes of the main dropper executable: md5sum db349b97c37d22f5ea1d1841e3c89eb4 sha256sum 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c WannaCry is a ransomware cryptoworm that can encrypt files on an infected host and propagate through a network by itself. It attacked computers worldwide in 2017 until its march was stopped by a researcher…