Home • Vulndev

28JanJanuary 28, 2023

VL Shinra Part 4 – Reverse Engineering, Binary Exploitation & Ansible

This is part four of the Shinra series. We will get to access to a linux server via ssh, exploit a small authenticator app & use ansible to move to the next box.

By xctVulnlabansible, binary exploitation, linux

18JanJanuary 18, 2023

VL Shinra Part 3 – Initial Payload Design, Host Enumeration & getting SYSTEM

This is the third video of the Shinra series. We will get a shell on Ashleighs machine & escalate privileges.

By xctVulnlabactive directory, c2, evasion, phishing, runas, windows

10JanJanuary 10, 2023

VL Shinra Part 2 – Enumerate, Enumerate, Enumerate!

This is the second video of the Shinra series. Before setting foot onto any of the network's internal machines, we are going to spend a bit of time enumerating various things from our machine

By xctVulnlabactive directory, linux, windows

08JanJanuary 8, 2023

Real World CTF 2023 – NonHeavyFTP

This is a short writeup on the "NonHeavyFTP" challenge from Real World CTF 2023. This was one of the easier challenges with the goal of exploiting LightFTP in Version 2.2 (the latest one on github at the time). I ended up with a file-read vulnerability that allowed to read the...

By xctCTF, Fuzzingcustom exploitation, ftp, linux

07JanJanuary 7, 2023

VL Shinra Part 1 – SQLi, Command Injection & Hash Cracking

This is the first video of a series about Shinra, a virtual company in a private red team lab. We will conduct a full pentest on Shinra and explore various topics along the way.

By xctVulnlabcommand injection, linux, password cracking, sql injection

03NovNovember 3, 2022

Ekoparty 2022 BFS Windows Challenge

In this blog post, we will solve the Windows userland challenge that Blue Frost Security published for Ekoparty 2022.

By xctCTF, Windows Userland Exploitationbinary exploitation, windows