HackTheBox - GiveBack
00:00 - Introduction
01:00 - Start of nmap
03:20 - Adding the API key to our WPScan
08:00 - Discovering a POC for the GiveWP plugin and getting a shell
12:00 - Looking at the WP database, not getting much information
18:00 - Discovering an HTTP endpoint in the environment variable, setting up chisel to look at it
22:00 - Looking at the custom web page; it is vulnerable to a PHP CGI vulnerability
30:00 - Shell on the second pod
31:00 - Discovering a Kubernetes (k8s) token, copying it back to our box, setting up kubectl to examine Kubernetes, and dumping secrets
39:50 - Showing we didn't need kubectl; we could have used curl. Showing a HackTricks page that has some nice tips on setting this up to easily query the k8s API
44:50 - With a password from k8s, we can log in to the box and execute a runc wrapper with sudo. It is running version 1.1.11, which is vulnerable to a sandbox escape
52:15 - Showing an alternative way to exploit this binary by exploiting the wrapper with a simple path traversal in mounts


