Hacking PyJWT for Algorithm Confusion Attack [HackTheBox CyberMonday]

In the CyberMonday box from HackTheBox, the foothold involves exploiting an algorithm confusion attack against a JWT. When I went to sign the new JWT with the public key, PyJWT rejected me. In this video, we'll show the rejection, find the code responsible, and modify it to allow me to sign. HackTheBox CyberMonday: https://www.hackthebox.com/machines/c... CyberMonday Blog Post: https://0xdf.gitlab.io/2023/12/02/htb... ☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf [00:00] Introduction [02:16] Review public key [02:38] Creating Virtual Environment [04:17] Failure in Python Terminal [08:10] Finding Responsible Code [10:08] Modifying to Allow [11:25] Conclusion #pentest #ctf #bugbounty #python #pyjwt

Join Today
Automating Malicious Zip with Symlinks [HackTheBox Zipping]
▶︎

Automating Malicious Zip with Symlinks [HackTheBox Zipping]

How Hackers Actually Chain Tools Together (Nmap, Dirb, Wireshark)
▶︎

How Hackers Actually Chain Tools Together (Nmap, Dirb, Wireshark)

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

A11 MASTERING PYTHON VIRTUAL ENVIRONMENTS
▶︎

A11 MASTERING PYTHON VIRTUAL ENVIRONMENTS

DANGEROUS Python Flask Debug Mode Vulnerabilities
▶︎

DANGEROUS Python Flask Debug Mode Vulnerabilities

What is happening at Meta?
▶︎

What is happening at Meta?

Taking over a website with JWT Tokens!
▶︎

Taking over a website with JWT Tokens!

Anthropic is Completely F*cked.
▶︎

Anthropic is Completely F*cked.

How The FBI Finds Your REAL IP Address
▶︎

How The FBI Finds Your REAL IP Address

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed
▶︎

OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed

Linus Torvalds: AI Is Changing Linux Fast
▶︎

Linus Torvalds: AI Is Changing Linux Fast

JWT Authentication Bypass via Algorithm Confusion
▶︎

JWT Authentication Bypass via Algorithm Confusion

PyJWT Tutorial: Managing Authorization using JWT in Python
▶︎

PyJWT Tutorial: Managing Authorization using JWT in Python

Powershell malware analysis by @0xdf | Hack The Box
▶︎

Powershell malware analysis by @0xdf | Hack The Box

JWT Key Confusion & Nunjucks SSTI - "Naughty or Nice" [Day 5: HackTheBox Cyber Santa CTF]
▶︎

JWT Key Confusion & Nunjucks SSTI - "Naughty or Nice" [Day 5: HackTheBox Cyber Santa CTF]

This is What REAL Hacking Looks Like!
▶︎

This is What REAL Hacking Looks Like!

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
▶︎

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

How to Disappear Online and Become Untraceable
▶︎

How to Disappear Online and Become Untraceable

How Hackers Hack JSON Web Tokens
▶︎

How Hackers Hack JSON Web Tokens

Pass The OSCP with just 3 TOOLS (MY 2026 CHECKLIST)
▶︎

Pass The OSCP with just 3 TOOLS (MY 2026 CHECKLIST)