Subdomain Takeover in AWS: making a PoC

Do you know how to make a PoC after finding a subdomain takeover in an AWS service? In this post I’ll share some insights and tips along with how to create a nice proof of concept so that our bugs get accepted and paid!

HackTheBox: Academy write-up

Attention to requests may sometimes result in becoming admin, and an exposed Laravel APP key will always give you RCE! This write-up shows how to do that and more, like exploiting Composer to become root.

HackTheBox: Bucket write-up

S3 and DynamoDB together in a box that will make you learn a lot about AWS, but above all, read documentation, a lot of documentation!

Subdomain Takeover in Azure: making a PoC

Most (if not all) bug bounty hunters know what a subdomain takeover is and what its impact is, but do you know how to actually take over the domain and make a working proof of concept?

HackTheBox: Passage write-up

Attention to detail was never so important! Passage will make those details the key to the multiple privilege escalations needed to become root! Check it out!

HackTheBox: SneakyMailer write-up

Bits of automation with Python packages! Really cool box to learn different techniques, like trying to use an SMTP server to send emails using gathered data. Recommend it 100%

HackTheBox: Fuse write-up

Windows box and enumeration! Fuse combines a thorough exploration of different services to gather information with a password spraying attack to get a foothold into the system; after that, a permissions misconfig allows us to get admin!

HackTheBox: Blunder write-up

Do you like finding rabbit holes? If so, this machine is for you. And don’t forget that googling for exploits is crucial!

HackTheBox: Cache write-up

Machine with different virtual hosts, one of them with a vulnerable OpenEMR instance. From there, Docker and Memcached are the way to root.

HackerOne h1-2006 CTF write-up

Here is my write-up of how I solved HackerOne h1-2006 CTF, definitely learned a lot of new things!