What’s going on everybody, this is $hellbr3ak back again with another blog. Today I will be talking about how I bypassed BIG-IP ASM firewall in one of my engagements. As usual the target will be redacted since the pentest is conducted on a client environment. So, enough talking and let…

What’s going on hacker folks, this is shellbreak back again with another blog post, but this time, it will be about how I found my first bug in an azure cloud storage service. The vulnerability was a Massive Information Disclosure due to a publicly accessible container hosted on an azure…

What’s going on h4x0rs this is shellbr3ak, and today we’re going to be doing something a little bit different than regular CTFs. As you’ve seen in the news, a very serious 0-day was discovered in the Log4j java logging utility which is a part of Apache Logging Services and also…

Hello y’all, this is shellbreak again with another CTF. As I’m working as a web application penetration tester, I focus only on web challenges in CTFs, and in today’s write up, I’m going to showcase how I solved the only 3 web challenges in Digitaloverdose CTF. So, enough talking, and…

Hello all, this is shellbreak, and today I’m going to showcase how I solved some web challenges in the hacktivitycon CTF 2021, so without much talking let’s just jump in. Swaggy

What’s going on fellas, this is shellbreak back again with another write up about a room called knobi from TryHackMe, which is an easy room that involves a vulnerable FTP server which we’ll exploit to get user access, and then we find that there’s a SUID binary that we can…

Hello guys, what’s going on, this is shellbreak, and today we’re gonna be doing Vulnversity from TryHackMe which is a pretty simple and straightforward machine that involves a File Upload vulnerability to get a shell, and once we get a shell on the box we notice that there’s an unusual…

Hello guys, what’s going on , this is shellbreak, and today I’ll be doing the Blue room from TryHackMe, which is a pretty easy and fun room that demonstrates how to exploit “eternal blue” vulnerability that affected SMB servers back in 2017. EternalBlue is a cyberattack exploit developed by the…

Hello all this is shellbreak, back again with another story of a bug I found apart from CTF challenges. Since this vulnerability was found on a real website, I won’t be mentioning the domain on which I found it, so I’ll use https://example.com as a reference to the vulnerable website…