2023 Ağustos ayında Tesla Model Y aracımı sıfır olarak aldım ve 2025 Şubat ayında sattım. 31bin KM yol yaptım. Bu blogpostta, bu araç ile olan deneyimimi sizlere aktarmak istiyorum. Tesla Model Y v...

In this episode, we will investigate CVE-2022-26134 of Atlassian Confluence. A preauth OGNL injection leading to Remote Code Execution. CVE-2022-26134 Details and information gathering Advisorie...

In this series of blogposts I will patch diff, analyze and craft exploits for old CVEs. CVE-2021-26084 Details and Information Gathering nist - CVE-2021-26084 In affected versions of Conflue...

In this series of blog posts we’ll explore exotic ways of hiding shellcode. “Years of solving stego challenges, had to pay” Part 1: Icons Our main goal is bypassing anti-viruses. We ideall...

I did my internship at STM this summer. During my internship, I prepared the Web category for STMCTF2021 with 4 challenges. In this blogpost, I will go over them. Hope you enjoyed it ! BountyP...

Prototype pollution is a very simple vulnerability yet tricky to find. In this blog post, I will try to explain prototype pollution, how it occurs and how should we search to find one. What is Pro...

This lab had 3 Windows end-user computers, 1 Netscaler FreeBSD server, 1 Citrix Windows server and 1 Domain Controller. Initial access was based on social engineering and phishing attacks, followed...

OpenAdmin HackTheBox üzerinde 20 puanlık ve “Kolay” olarak oylanmış bir makine. Makine üzerinde Uzaktan Kod Çalıştırmaya zafiyetli bir uygulama çalışıyor. Makinenin lokalinde çalışan farklı bir web...

OpenAdmin is a 20 pts box on HackTheBox and it is rated as “Easy”. It has a web application running that is vulnerable to Remote Code Execution. There is a web server running locally on the box. Af...

Control HackTheBoxta 40 puanlık “Zor” kategorisinde bir makine. Makine üzerinde sadece 1 ip addresinden erişilebilir olması gereken bir admin paneli var fakat bu admin paneline özel bir http başlığ...