top of page

Search


Pikaptchu - Hack the Box - DFIR
Scenario 🛠️ Scenario Overview An attacker sends a phishing email to the victim, claiming it's an urgent Microsoft Office update. The...
BlueDolphin
May 5


NeuroSync-D - Hack the Box Lab
| CVE-2025-29927 (auth bypass in Next.js)
| SSRF to scan and find internal services
| LFI to steal secrets
| Redis injection for command execution
BlueDolphin
Apr 12


CSRF SameSite Strict bypass via sibling domain
This lab's live chat feature is vulnerable to cross-site WebSocket hijacking (CSWSH)
BlueDolphin
Mar 16


Exploiting CSRF: Bypassing SameSite Strict with Client-Side Redirects
This lab's change email function is vulnerable to CSRF.
BlueDolphin
Jan 26


Hack the Box - Investigation (Medium)
Engagement Flow Tools used Burpsuite EVTX Parser by omerbenamram WhatWeb Netcat SCP Ghidra Moonwalk Tactics/Techniques File upload abuse...
BlueDolphin
Dec 20, 2024


Server-Side Parameter Pollution (SSPP) Through Query Strings
YouTube Index: Introduction What is Server-Side Parameter Pollution Understanding the Query String in an API Request Example Injecting...
BlueDolphin
Nov 23, 2024


Boss Of The SOC V1 Blue Team Lab
High Level Details: Attacker 1: 40.80.148.42 Attacker 2: 23.22.63.114 CMS: Joomla Site: imnotreallybatman.com Site IP: 192.168.250.70...
BlueDolphin
Aug 14, 2024


DownUnderCTF - Web - Python Prototype Pollution
This challenge demonstrates a classic prototype pollution vulnerability.
BlueDolphin
Jul 7, 2024


UIUCTF 2024 - Fare Evasion
A Classic MD5 SQL Injection Bypass Attack.
BlueDolphin
Jul 2, 2024


US Cyber Games 2024 - Certified
Extract a plain text RSA key from HTTP, format it, save as .key, and import into Wireshark with the correct IP, PORT, and protocol for decr
BlueDolphin
Jun 10, 2024


US Cyber Games 2024 - Ding-O-Tron
Visual Workflow Summary Summary Identifying hidden functions generated dynamically was at the core of this challenge. While the giveFlag...
BlueDolphin
Jun 10, 2024


NahmaCon CTF 2024 - 1337 Malware
Follow along with my YouTube video for an interactive walkthrough. Visual Workflow summary The challenge starts with a provided PCAP file...
BlueDolphin
May 27, 2024


Splunk Incident Handling - Exploitation Detection THM series 2/7
Note - You can view my video writeup below 📺🎬🎥 https://youtu.be/xnjWVL7i7HA 📺🎬🎥 This room covers an incident Handling scenario...
BlueDolphin
May 21, 2024


Hack The Box Machine Write-Up: Codify
Checkout my YouTube Video Writeup https://youtu.be/BbXbbBDW48c Engagement Flow Tools used John Chat GPT Moonwalk Tactics/Techniques...
BlueDolphin
May 6, 2024


Hack the Box - Incident Response - Meerkat
Attackers workflow mapped Attacker's Summary This summary will cover the attackers workflow as discovered from my point of view. I...
BlueDolphin
Mar 25, 2024


Hack the Box - Forensics - Red Miners
CHALLENGE DESCRIPTION In the race for Vitalium on Mars, the villainous Board of Arodor resorted to desperate measures, needing funds for...
BlueDolphin
Mar 3, 2024


Hack the Box - WEB - Juggling facts
CHALLENGE DESCRIPTION An organization seems to possess knowledge of the true nature of pumpkins. Can you find out what they honestly know...
BlueDolphin
Feb 4, 2024


Post Incident Response - I like to - Sherlock by HTB
Attackers workflow mapped Attacker's Summary This summary will cover the attackers workflow as discovered from my point of view. I...
BlueDolphin
Dec 3, 2023


🔐 Hack The Box Machine Write-Up: PC
This machine involves RPC servers, command injection and a CVE with a twist on SQL injection and burpsuite.
BlueDolphin
Oct 30, 2023


Incident Handling with Splunk - THM Series - Phase 1/7 Reconnaissance
This room covers an incident Handling scenario using Splunk.
BlueDolphin
Oct 30, 2023


Tenable Capture the Flag - Web - Cat Viewer
SQL Injection manual (NO AUTOMATION)
BlueDolphin
Aug 13, 2023


Hack the Box - Precious
Engagement flow Summary This machine starts off with some basic web enumeration. The user learns about a web page pdf conversion...
BlueDolphin
Jun 27, 2023


Hack the Box - Soccer
Engagement Flow Summary This is my writeup for the Hack the Box Machine "Soccer". Tools Used whatweb Processes/Techniques Web enumeration...
BlueDolphin
Jun 27, 2023


Hack the Box - Stocker
Engagement Map Enumeration We start off with a casual NMAP scan including the flags for service scanning and version discovery. Initially...
BlueDolphin
Jun 27, 2023
bottom of page