Proof of concept for CVE-2024-36401 on GeoServer. This demonstration aims to initiate a reverse shell connection on the target system. Details: https://lnkd.in/gYiPKqqT #cybersecurity #infosec #infosecurity
Priti Sharma’s Post
More Relevant Posts
-
Proof of concept for CVE-2024-36401 on GeoServer. This demonstration aims to initiate a reverse shell connection on the target system. Details: https://lnkd.in/e-ZMMF6R #cybersecurity #infosec #infosecurity
GitHub - bigb0x/CVE-2024-36401: POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vulnerable targets.
github.com
-
HACKSUDO: THOR Vulnhub CTF Walkthrough Welcome to the HACKSUDO walkthrough of THOR, a captivating Vulnhub CTF challenge. In this concise guide, we'll unravel the mysteries of THOR, highlighting key steps to conquer its vulnerabilities and claim the flags. So, join us on this thrilling journey as we navigate through the depths of THOR's security landscape. Let's dive in! Razz Security Academy Mahesh Razz
HACKSUDO: THOR Vulnhub CTF walkthrough
medium.com
-
Blog on HACKSUDO: THOR Vulnhub CTF Walkthrough, done by our intern Meghana U. At Razz Security Academy, we've developed a Cyber Security and Ethical Hacking foundation course to provide essential insights into offensive security practices and diverse developed cybersecurity domains, thereby equipping individuals with valuable knowledge for cybersecurity roles. These are the modules that will be provided in the course: 1. Introduction to Ethical Hacking & Cyber Security 2. Networking Fundamentals 3. Basics on Linux 4. Information Gathering 5. Wi-Fi Hacking 6. Android Hacking 7. HackLab Setup 8. Nmap and Metasploit 9. System Hacking 10. Man In The Middle Attack 11. Cryptography 12. Google Hacking Database (GHDB) or Google Dorking 13. Steganography 14. Burp Suite 15. Content and Sub-Domain Discovery 16. Web Application Hacking. This will further help you explore core concepts such as SOC (Security Operations Center), VAPT (Vulnerability Assessment and Penetration Testing), and other cybersecurity concepts that will further enhance your understanding and expertise in cybersecurity. We are providing courses in 3 different modes: 1. offline (weekdays/weekends) 2. online 3. self-paced. To join the course and for further queries: +91 8618710868 contact@razzsecurity.com Follow Razz Security Academy for updates on jobs.
( Note: Kindly join on both apps and new job updates will be there ) Discord group: https://lnkd.in/gmV6UmsX Whatsapp group: https://lnkd.in/gzvWmVqk VAPT Jobs, SOC Analyst (ICSA), CyberSecurity Jobs, SIEM & SOC CyberSecurity Jobs, Cybersecurity Jobs , CSOC Analyst - Cyber Security Operations Center , Splunk Security Operations Center Analyst QRadar Security Operations Center Analyst SOCAnalyst Penetration Testing Penetration Tester (ICPT) Penetration Tester Redfox Security - Penetration Testing Services #jobsearch #cybersecurityjobs #jobhiring #hiring #jobalert #jobforfresher #Discord #community #securityanalyst #socanalyst #cybersecurityanalyst #applicationsecurityengineer #networksecurityengineer #vulnerabilityassessment #penetrationtesting
-
CVE-2024-3094 has shaken the open source community with its critical supply chain compromise, affecting XZ Utils and potentially enabling unauthorized access through SSH authentication bypass. The silver lining is that this brought some great research from the community. Get the details, and the technical analysis from the Vulcan Cyber research team and how to fix the CVE in our blog >> https://lnkd.in/dYkfw9fi
Alert: CVE-2024-3094, a serious backdoor in XZ Utils, permits RCE
https://vulcan.io
-
Having so much time to do digital forensic CTF based with MemLabs and #volatility, and it is refreshing. I have reached Lab 4. Thanks to #infosec for creating a foundation class about Digital Forensic Concept; now I understand why the Chain of Custody is crucially important. Let's enhance the Digital Forensic training: https://lnkd.in/gUdiztbE #digitalforensics #cybersecurity
GitHub - stuxnet999/MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
github.com
-
Proving Grounds Practice — CTF-200–01 https://lnkd.in/dFW6bjVe #bug #bugs #bugbounty #bugbountytip #bugbountytips #hacking #hacker #ethicalhacking #ethicalhacker #ethicalhackers #cybersecurity
Proving Grounds Practice — CTF-200–01
medium.com
-
Urgent security alert 🛑 CVE-2024-3094 has shaken the open source community with its critical supply chain compromise, affecting XZ Utils and potentially enabling unauthorized access through SSH authentication bypass. The silver lining is that this brought some great research from the community. Get the details, and the technical analysis from the Vulcan Cyber research team and how to fix the CVE in our blog >> https://lnkd.in/dNn3xDgC
-
Cybersecurity Analyst | Penetration Tester | US Army Veteran | CompTIA Security+ | CySA+ | CEH | Splunk Core Certified User | PJPT | LPI Linux Essentials | Associate of ISC2 (SSCP) | AZ-900
🚨 New Write-up Alert! 🚨 I'm excited to share one of my latest write-ups, published in "System Weakness," in which I walk you through conducting a penetration test of Kioptrix Level 2 from VulnHub! This write-up is designed to help anyone interested in learning basic tools and techniques for vulnerability assessment and exploitation. Kioptrix Level 2 is a beginner-level challenge that involves performing initial reconnaissance and gaining root access using tools and techniques like Netdiscover, Nmap, SQL Injection, Reverse Shell, and Privilege Escalation. #cybersecurity #ethicalhacking #penetrationtesting #ctf #kioptrix #vulnhub #cybertechmaven #learningbydoing
VulnHub: Hacking Kioptrix Level 2 Write-up
medium.com
-
Ethical Hacking Enthusiast | Red Team Fanatic | Arch Linux Believer 🐧 | TryHackMe Top 5% | CTF Player 💻 | CS Student Majoring in Cyber Security 🛡️
Just Completed: Broker from HackTheBox
ActiveMQ Exploit & Nginx Privilege Escalation 🚀🔑
Here is how I did it 🛤️:
🔍 Enumeration:
- Rustscan ⚡: Scanned for open ports using Rustscan.
- Nmap 🔧: Used Nmap to dive deeper into the services and versions running on the open ports.
- ActiveMQ 5.15.15 🎯: Discovered ActiveMQ running on port 61616.
🌐 Exploitation:
- ActiveMQ Exploit 🧨: Found an exploit for ActiveMQ 5.15.15, which gave me a reverse shell directly as the user.
- Reverse Shell 🕹️: Accessed the system as the user with the reverse shell.
- User Flag 🏁: Retrieved user.txt.
🔝 Privilege Escalation:
- Sudo Permissions 🕵️: Checked sudo privileges and found that I could run nginx as root.
- Nginx Exploit ⚙️: Found a Local PrivEsc exploit involving nginx, allowing me to add an SSH key to root's home directory.
- SSH as Root 🔑: Used the private key to SSH in as root.
- Root Flag 🏁: Retrieved root.txt.
By exploiting ActiveMQ to get a reverse shell directly, and then leveraging an Nginx trick for privilege escalation, I gained root! 🎯🚀
Proof: https://lnkd.in/epFGvuGe
Writeup: https://lnkd.in/erCrBZMQ
#HackTheBox #Broker #Rustscan #Nmap #ActiveMQ #ReverseShell #SudoNginx #PrivilegeEscalation #RootAccess #Cybersecurity #LinuxExploit #CTF #Pwned