Security Research Blog
  • Home
  • About
  • AI Security
  • CTF
  • CVE Disclosures
  • Contact

Articles

HTB Irked Writeup: UnrealIRCd Backdoor to Root via SUID Abuse

HackTheBox

HTB Irked Writeup: UnrealIRCd Backdoor to Root via SUID Abuse

Exploiting the UnrealIRCd 3.2.8.1 backdoor for initial shell access, then escalating to root through a custom SUID binary on Linux.

By Onurcan Genç 21 Mar 2026 5 min read
HTB Cicada: From Password Spraying to Token Abuse

CTF Writeups

HTB Cicada: From Password Spraying to Token Abuse

Active Directory machine: password spraying for initial foothold, LDAP enumeration, and domain admin access through SeBackupPrivilege token abuse.

By Onurcan Genç 20 Mar 2026 6 min read
HTB Bank: Chasing Balance Transfers to Root Shell

CTF Writeups

HTB Bank: Chasing Balance Transfers to Root Shell

DNS enumeration reveals a hidden banking application. File upload restriction bypass for webshell access, then root via writable SUID binary.

By Onurcan Genç 19 Mar 2026 6 min read
HTB Nibbles: File Upload to Root

HackTheBox

HTB Nibbles: File Upload to Root

Nibbleblog CMS arbitrary file upload vulnerability for initial shell, then root access through sudo misconfiguration on Linux.

By Onurcan Genç 16 Mar 2026 5 min read
HTB Devvortex: From Joomla Info Disclosure to Root

CTF Writeups

HTB Devvortex: From Joomla Info Disclosure to Root

Joomla information disclosure (CVE-2023-23752) leaking database credentials, then privilege escalation to root via apport-cli on Linux.

By Onurcan Genç 16 Mar 2026 5 min read
HTB Bounty: File Upload to System via Chimichurri

HackTheBox

HTB Bounty: File Upload to System via Chimichurri

IIS file upload bypass via web.config for initial shell on Windows, then SYSTEM access using the Chimichurri (MS10-059) kernel exploit.

By Onurcan Genç 14 Mar 2026 6 min read
← Newer posts Page 2 of 4 Older posts →
Security Research Blog
  • Privacy Policy
  • GitHub
  • RSS
© 2026 Security Research Blog