Tag: writeup
-
Defhawk CTF Writeup – NextJS Middleware Bypass
In this article, I will walk you through a CTF that simulates the NextJS middleware bypass vulnerability described in CVE-2025-29927. I will also discuss a simple Python POC that Google Gemini wrote for me. This helped me understand the vulnerability and find the flag. CTF Description https://defhawk.com/battleground/raid/appliedoffsecandwebsecurity/fakeestate The CTF link provides the following description: “You…
-
DefhawkCTF Writeup – THE LABS INTERNAL BREACH
In this article, I will walk you through how i solved this CTF. The CTF is described as follows: An internal reconnaissance phase has revealed that Internal Industrial System is running a legacy support portal for its OT (Operational Technology) engineers. While the portal isn’t directly exposed to the public internet via its IP, we suspect…
-
Defhawk CTF Writeup – Multiple XSS
In this writeup, i will walk you through a 3-level XSS CTF, available at the following link https://defhawk.com/battleground/raid/applied-off-sec-and-web-security/multiple-xss. The goal of these challenges is to trigger a pop up that says “defhawk” by bypassing the filters at that level. Click on Play Challenge to launch the web page with the challenge. Level 1 Click on…
-
Preliminary Analysis of the WannaCry Malware Dropper
Table Of Contents Executive Summary The following are hashes of the main dropper executable. md5sum db349b97c37d22f5ea1d1841e3c89eb4 sha256sum 24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c WannaCry is a ransomware cryptoworm which has the ability to encrypt files on an infected host and propagate through a network by itself. It attacked computers worldwide in 2017 until its march was stopped by a researcher…
Cyber Learnings 