A blog about cybersecurity by Cybix AB
Writeup for the medium ranked HTB box Forge
“In a successful CSRF attack, the attacker causes the victim user to carry out an action unintentionally. For example, this might be to change the email address on their account, to change their password, or to make a funds transfer. Depending on the nature of the action, the attacker might be able to gain full control over the user’s account. If the compromised user has a privileged role within the application, then the attacker might be able to take full control of all the application’s data and functionality.…
Writeup for OTWA CTF 2021, Grinch Petition
We stumbled upon OverTheWire's Advent Bonanza CTF in 2019 and we were instantly hooked. The whole idea of releasing one new hacking challenge every day is genius and very addictive for the participants. At Cybix we even started a new thing called lunch-hacking. Eating food while hacking on the latest challenge during December is a new tradition.
So you can only guess our frustration when the 2020 edition of this CTF was canceled.…
Writeup for the easy ranked HTB box Bountyhunter
This writeup describes how I approached the box Bountyhunter from Hackthebox. The box is based on Linux and it is rated easy. My style of writeups is to describe how I was thinking when attacking them. My personal opinion is that I learn from analyzing my process over and over again, and you learn more from understanding the process than just following a guide. So if you just want a step by step guide perhaps it’s best to look elsewhere.…
Writeup for the easy ranked HTB box Explore
CVE-2019-6447 | “The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.”
If you have never tried hacking Android devices before, this could be a good first box. The credentials found for the user flag were very CTF-like, but I think the box was OK anyway.…