środa, 10 czerwca 2026

Ghidra Sink Finder – Automated Tracking User-Controlled Data to Security-Relevant Functions

When performing Reverse Engineering or binary analysis, one of the most common questions is: "Can user-controlled data reach a potentially dangerous function?" Let's try...

wtorek, 9 czerwca 2026

WatchGuard BruteForce

Some time ago I wrote a post and a small script to run a brute force attack against FortiGate appliances. (Link to that post you can find here). This time I decided to check if similar bug is present in latest WatchGuard appliance (FireboxV, version 12.12). Below you'll find the details and poc code to test it in your own LAB. Below you'll find more details about it. Here we go...

sobota, 6 czerwca 2026

Building BHADGUI: Automating BloodHound Data Collection for AD Attack Paths

When you're doing Active Directory pentesting on a tight schedule, running SharpHound manually and then clicking through BloodHound's UI gets old fast. BHADGUI started as a simple wrapper and evolved into something more useful.

Hack The Box - Reactor

Reactor is an 'easy' Linux CTF machine from Season 11 at Hack The Box platform. Few days ago I decided to check it. Below you'll find more details about it. Here we go...