HackTheBox
HTB Bastion: Mounting Secrets from the Past
Windows machine walkthrough: SMB share enumeration, VHD file mounting for SAM credential extraction, and privilege escalation via mRemoteNG password decryption.
HackTheBox
Exploiting the Heartbleed vulnerability (CVE-2014-0160) to leak SSH credentials from memory, then escalating to root by hijacking an active tmux session.
HackTheBox
Joomla CMS exploitation for initial access through admin panel takeover, followed by Linux privilege escalation via curl configuration file abuse.
Vulnerability Research
Critical VM sandbox escape vulnerability (CVSS 9.9) in NocoBase enabling remote code execution. Full technical analysis, proof of concept, and disclosure timeline.
HackTheBox
Elastix PBX exploitation via local file inclusion to extract credentials, then multiple paths to root including Nmap interactive mode abuse.
Vulnerability Research
How utilitarianism, deontology, and virtue ethics guide responsible vulnerability disclosure decisions. A framework for balancing public safety and vendor relationships.