TL;DR Password for update server published accidentally online by SolarWinds in 2019 Key Orion software available online that enabled attackers to study code in order to create methods to hide Exploiting update server easy and highly likely Malicious software communicated via HTTP to third party servers, this is easy for any…

Firstly I want to say that I highly recommend https://pwnable.kr/play.php to learn exploit development, the site is full of nice and easy to follow mini-challenges that you can conquer one by one. Best of all you simply ssh so no need to install VMs etc. I wanted to do a…

Hi everyone, it’s been some time since I last posted but I was just playing IO WARGAME and decided to write some up some solutions in the hope it may help people just starting out. Firstly, ssh in to the box (password: level1) ssh level1@io.netgarage.org Now enter the challenge directory …

As you should know by now, this blog has moved but incase you have missed it, check back to the site daily: https://labs.p64cyber.com This blog will only post links like below every few days. Day 83: What is Modbus? https://labs.p64cyber.com/what-is-modbus/ Day 84: Linux Privilege Escalation https://labs.p64cyber.com/linux-privilege-escalation/ … Day 85: LD_PRELOAD Injection (Load Order Matters, http://AttackDefence.com , Linux Priv. Esc. Intermediate Category) @SecurityTube https://labs.p64cyber.com/ld_preload-injection/ …

Hunting for Vulnerabilities in Android Apps with Burp and APK Tools For some the world of mobile apps is a mystery, locked deep inside the smart phone they are untouchable and do things…labs.p64cyber.com

Today I am sharing more than one post, the new site, P64. Over time P64 will become the number one online offensive security resource, it was created out of frustration of having hundreds of bookmarks, many open tabs, endless broken links and a lack of consistent ways for displaying information…

Becoming a Version Detection Ninja with GIT Sometimes you can't find versions, or where vulnerabilities may lurk, for this I use an open source tool called GitUp…labs.p64cyber.com

Today I have created a guide that will be constantly added to, it’s aim is to be the best FTP resource for pentesters. FTP (21) Banner Grabbing telnet 10.10.10.10 21 Anonymous Access ftp 10.10.10.10 Username: anonymous OR anon Password: any Hydra…labs.p64cyber.com

Have you heard about Hack the Box? I hope so, it’s literally so damn good words can’t express how thankful I am to the creators. If you have not, it’s an online platform to test and advance your skills in penetration testing and cyber security. Awsome. Hack The Box :: Penetration Testing Labs An online platform to test and advance your skills in penetration testing and cyber security. Join today and start…www.hackthebox.eu