Writing & research.
Walkthroughs, research notes, and the occasional deep dive into things I find interesting.
Fluffy - HTB Machine
We started by enumerating the provided credentials for the user j.fleischman and identified an SMB share named IT. After downloading files from the share, we discovered a PDF detailing…
Cypher - HTB Machine
Cypher is an HTB machine running a web app that relies on a Neo4j graph database. A Cypher-injection flaw lets us bypass the login logic and enumerate data. Then, an exposed directory holds a JAR file…
Artificial - HTB Machine
Artificial is a machine with a web interface that allows uploading and executing TensorFlow .h5 model files. The initial foothold was obtained by embedding reverse shell code inside a Lambda layer…
Nocturnal - HTB Machine
Nocturnal is a Hack The Box machine which serves a web application that allows file upload and download. The interesting/weird thing is that it utilizes a username parameter in the URL to retrieve…
Code - HTB Machine
We’re presented with a Python-based code editor exposed via a web application, allowing users to write, save, and execute Python scripts. However, execution is limited by a blacklist of restricted…
Dog - HTB Machine
Started by identifying the CMS version and other services running on the target, including Backdrop CMS 1.27.1. Through endpoint enumeration and exploration of accessible files and directories, I…
Planning - HTB Machine
Planning is a box that requires a lot of fuzzing to find a Grafana instance, which was vulnerable to CVE-2024-9264, a critical vulnerability allowing arbitrary command execution via unsanitized…
Titanic - HTB Machine
Titanic is a web application with a Local File Inclusion (LFI) vulnerability, which allowed me to enumerate sensitive files, including the /etc/hosts file that revealed a secondary host…
Introduction to ISO2700X
ISO 27001 is an international standard that defines the general requirements and establishes that you must implement specific security controls as part of a Management System for the Security of…
Post Quantum Cryptography
Notes used for my presentation on post-quantum cryptography, with which I graduated as a Computer Engineer 🎓