<POC/>

CVE-2025-24071 - Filter netNTLMv2 Credentials with a simple ZIP

In this blog post, a proof-of-concept (PoC) is presented that demonstrates how a malicious `.library-ms` file can be used to capture netNTLMv2 credentials without the need for the victim to interact with the file. Simply unzipping the file is enough to trigger the vulnerability (CVE-2025-24071).

Read more
<Tools/>

Upgopher, A Lightweight and Efficient File Server

This article provides a quick analysis of Upgopher, a simple web server for uploading and managing files, designed for both local and remote environments, maximizing portability and minimizing compatibility issues.

Read more
<Tools/>

Setting Up MultiEvilnoVNC with HTTPS

This guide provides detailed instructions for setting up MultiEvilNoVNC, including preparing Docker containers, configuring Nginx, obtaining SSL certificates with Certbot, and modifying the startup script to ensure proper functionality. Additionally, it covers how to run the tool and manage and view sessions of websites visited by users.

Read more
<Technologies/>

Password Security Policies (PSO) in Active Directory (AD)

Password Security Policies (PSO) in Active Directory (AD) are a critical component in a corporate network's security infrastructure. PSOs allow system administrators to enforce strict and customized rules for password creation and usage across the network, thus ensuring that all users adhere to best information security practices.

Read more
<POC/>

POC log4j exploit.

Log4j - Complete Exploitation Guide & Proof of Concept | Detailed Walkthrough of the Critical Log4j Security Flaw with Real-World Attack Scenarios and Mitigation Strategies

Read more
<Experiences/>

My OSCP Experience

OSCP Exam Experience - Detailed Review, Tips & Journey to Passing the Offensive Security Certified Professional Certification | Personal Insights from the PWK Labs and 24-Hour Penetration Testing Challenge"

Read more
<Tools/>

PoFish, a docker for phishing

Lately I have been making several phishing attempts. For one thing or another I have had to perform the same configuration of the same applications in different environments. For this reason I have created a DockerFile which once built, can be deployed with different options to perform a phishing exercise.

Read more
<Experiences/>

How to Solve the Monkey Vulnerable Machine

Learn how to solve a CTF machine in this post. Discover how to perform a login bypass, decrypt hashes, escalate privileges, and more.

Read more