
Disable SMBv1 on Windows Server: Security Hardening Guide
SMBv1 should have died in 2017 when WannaCry ransomware exploited the EternalBlue vulnerability (MS17-010) to infect 300,000+ Windows systems worldwide in 72 hours. Yet five years later, most enterprise environments still have SMBv1 enabled by default — not because they need it, but because it’s legacy technical debt that “works” and nobody wants to break file shares. This guide shows how to disable SMBv1 on Windows Server safely: audit current usage, migrate dependencies to modern SMBv2/v3, remove the protocol entirely, and verify compliance across the fleet. ...

ASREProasting Detection in Splunk: Event 4768 Queries (2026)
ASREProasting is the lesser-known sibling of Kerberoasting, but it’s just as dangerous and significantly harder to detect. Unlike Kerberoasting, which requires authenticated access to request service tickets, ASREProasting exploits accounts with Kerberos pre-authentication disabled — allowing attackers to request encrypted AS-REP responses for any user without knowing their password. These encrypted responses can be cracked offline to recover plaintext credentials. This guide builds comprehensive ASREProasting detection in Splunk: the Event 4768 query patterns that identify AS-REQ abuse, accounts vulnerable to ASREProasting, volume anomalies, and the Splunk dashboards that turn authentication logs into actionable threat intelligence. ...

Kerberoasting Detection in Splunk: Event 4769 Queries (2026)
Kerberoasting is the technique every red team uses and every blue team underdetects. An attacker requests Kerberos TGS (Ticket Granting Service) tickets for service accounts, then cracks the encrypted portion offline to recover plaintext passwords. The attack leaves Event 4769 footprints on Domain Controllers that most SOCs ignore — and that’s exactly what makes Kerberoasting so effective in real breaches. This guide builds comprehensive Kerberoasting detection in Splunk: the Event 4769 query patterns that catch RC4 encryption abuse, service account targeting, volume anomalies, and the Splunk dashboards that turn raw Kerberos logs into actionable security intelligence. ...

BhAcKAri CTF 2026 Writeup: All 8 Challenges Solved
Platform: BhAcKAri CTF 2026
Difficulty: Mixed (Easy → Hard)
OS: Jeopardy — Web, Misc, Crypto, Reverse (Italian event)
Tags: JavaScript deobfuscation + AES-256-CBC cookie C2 + sed shell-glob bypass, lighttpd HTTP CONNECT tunneling past url.access-deny, patched d8 V8 sandbox eval escape via shop-trusted credits, seed-keyed LSB steganography with shuffle order, Minecraft 1.21.10 .mcfunction Vigenère with floor-mod, Coppersmith partial-prime small-roots via Howgrave-Graham lattice, deterministic Python C-extension stage chain with SHA-256/CRC32 key derivation, manual Windows PE loader with 4-byte patches into 7-Zip's GetHandlerProperty2
BhAcKAri CTF 2026 is an Italian-themed jeopardy event whose infrastructure lives on the .it TLD (challs.ctf.bhackari.it) and whose challenges drip with Venetian flavour — the name itself is a play on bacari, the small wine-and-cicchetti taverns of Venice. The 2026 edition runs eight challenges across four categories (Web, Misc, Crypto, Reverse) and rewards careful reading of source code, binary disassembly, and protocol logs in roughly equal measure. ...

HASBLCTF 2026 Web Exploitation: All 5 Challenges Solved
Platform: HASBL CTF 2026
Difficulty: Mixed (Easy → Hard)
OS: Jeopardy — Web (HTTP, nginx, Express, Next.js, Flask)
Tags: client-side auth bypass via robots.txt + cookie injection, non-iterative path-traversal filter bypass, client-trusted economy / coin spoofing, Next.js sourcemap + header reconnaissance with hint-prune brute force, Jinja2 SSTI in PDF receipts with capped-field escape via Flask SECRET_KEY leak and itsdangerous session forgery
HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Web Exploitation track — the five web challenges (T/I Forum, Anatolian Atlas, Arena.exe, Lineup Challenge, DTeam) were all solved, and each one teaches a different web-attack primitive: client-side authentication theatre defeated by reading the JavaScript, non-iterative .. traversal filters, client-trusted in-game economies, hint-collection across HTTP headers / sourcemaps / robots.txt, and a two-stage Flask SSTI chain through a PDF-receipt template. ...

HASBLCTF 2026 Crypto Writeup: All 6 Challenges Solved
Platform: HASBL CTF 2026
Difficulty: Mixed (Easy → Medium)
OS: Jeopardy — Crypto (Python + C)
Tags: Modular multiplicative bijections, modular-inverse tables, permutation reversal, debug-print leakage exploitation, Galois LFSR + htonl endianness pitfalls, classic VIC cipher (straddling checkerboard + chain-addition keystream + special-character word substitution)
HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Crypto track — the six crypto challenges (baby-counting-fingers, baby-learns-obfuscation, baby-learns-walking, script-kiddie, head-team, VIC) were all solved, and each one teaches a different applied-cryptography primitive: modular multiplicative bijections on Z_n, two-layer permutation-plus-multiplication ciphers, position-salted chained byte operations, debug-print leakage of an otherwise elaborate matrix cipher, dual Galois LFSRs ruined by an htonl endianness asymmetry, and a faithful textbook implementation of the Soviet VIC hand-cipher with straddling checkerboard and chain-addition keystream. ...

HASBLCTF 2026 Forensics Writeup: All 5 Challenges Solved
Platform: HASBL CTF 2026
Difficulty: Mixed (Easy → Medium)
OS: Jeopardy — Forensics (Linux toolchain)
Tags: QR-code decoding with Reed-Solomon tolerance, JPEG metadata extraction (EXIF, COM, XMP), base64/base32 encoding fingerprints, bit-stream-to-JPEG reconstruction, magic-byte surgical repair, file-header recognition
HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Forensics track — the five forensics challenges (Quick Response, Logo, Digits, our sweet cat, Pamuk, and The Magic of "Magic Numbers") were all solved, and each one teaches a different file-forensics primitive: QR-code decoding despite a visual overlay, JPEG metadata extraction across EXIF and COM segments, bit-stream-to-JPEG byte reconstruction, base64-wrapped JPEG with hex content, and surgical magic-byte repair plus XMP metadata walking. ...

HASBLCTF 2026 Pwn Writeup: All 5 Challenges Solved
Platform: HASBL CTF 2026
Difficulty: Mixed (Easy → Medium)
OS: Jeopardy — Pwn (Linux x86-64)
Tags: ret2win with movaps stack alignment, int16 signed overflow, mmap RWX shellcode injection, register-controlled jmp into pre-built gadget chain, classic ROP with SysV-ABI argument-register setup, pwntools payload construction, checksec mitigation analysis
HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Pwn track — the five pwn challenges (baby-bufferoverflow, candy-store, baby-shellcoder, jumper, padawan-pwn) were all solved, and each one teaches a different beginner-to-intermediate binary-exploitation primitive: ret2win with the movaps 16-byte stack-alignment trap, a signed-vs-unsigned integer-width bug exploitable via menu interaction, direct shellcode execution on an mmap’d RWX page, a 7-byte shellcode budget that has to set rdx for a hard-coded jmp rdx into the binary’s own gadget chain, and a full ROP chain that loads three argument registers before calling a flag-printing function. ...

HASBLCTF 2026 Reverse Engineering: All 4 Challenges Solved
Platform: HASBL CTF 2026
Difficulty: Mixed (Easy → Medium)
OS: Jeopardy — Reverse Engineering
Tags: Go binary triage, static-only flag recovery, PE anti-debug bypass (PEB.BeingDebugged, x64dbg process scan, NtCreateThreadEx), custom binary protocol parsing, game-logic reverse engineering
HASBL CTF 2026 is a multi-category jeopardy event covering Reverse Engineering, Pwn, Web, and Forensics. This writeup is dedicated to the Reverse Engineering track — the four rev challenges (baby-go, DebugMe, Pr0t0c0l1337, PamukTheCat) were all solved, and each one teaches a different reverse-engineering skill: static-only recognition on a Go binary with debug symbols, anti-debug bypass on a Windows PE, custom binary-protocol parsing on a Linux PIE, and game-logic reverse engineering on a JRPG-shaped crackme. ...

THEM?! CTF 2026 Writeup: 7 Solved Challenges
Platform: THEM?! CTF 2026
Difficulty: Mixed (Easy → Hard)
OS: Jeopardy (Reverse, Crypto)
Tags: CHIP-8 emulation, x86-64 PE reverse engineering, Unicorn dynamic emulation, FNV-1a hash recovery, custom bytecode VMs, control-flow flattening, DES weak-key parity, XOR-chain cryptanalysis, modular arithmetic over 10^155
THEM?! CTF 2026 is a large jeopardy event with 85 total challenges across the usual categories. This writeup covers the seven challenges I personally solved, all from the reverse-engineering and cryptography tracks — every one demanded a real RE or cryptanalytic technique end-to-end. The reverse picks range from a CHIP-8 ROM that paints its flag onto a 64×32 screen across ~2⁴⁰ encoder steps per round, to a Windows binary whose VM mutates its own register state during dispatch. The crypto picks are the same shape — three challenges that look obscure on the surface and reduce to a clean number-theory or XOR-algebra invariant once you read carefully. ...