
Cybersecurity • Weekly Roundup
Sorry For the Lack of a Witty Title: Here's a Weekly Roundup
Here is a selection of some stories from this week that I found interesting. I hope you enjoy them as well.
DEFCON: 33 • Talks
A stark warning from a recent DEFCON talk: HTTP/1.1 is fundamentally broken and must be replaced. This summary covers the fatal flaw behind HTTP Desync attacks, why current patches create a false sense of security, and why the web’s future depends on adopting modern protocols like HTTP/2.
Vulnerability Disclosure • CVE-2025-8517
A Session Fixation vulnerability, classified as CWE-384, was found in Vvveb CMS version 1.0.6.1. The system's authentication process does not generate a new session ID after a user successfully logs in. This critical flaw can be exploited in two ways to take over a user's account: by reusing a valid session ID issued by the server, or by supplying a completely new, arbitrary session ID. Both variations let an attacker hijack a user's session, which can result in a full account takeover.
Cybersecurity • AI
The Tea Dating Advice app launched with a powerful mission: "helping women date safely" by creating a "sisterhood" where users could anonymously share warnings about men.
Cybersecurity • Personal
So, how did I end up in Cybersecurity? It wasn't a straight path. Maybe it was a natural progression over time, built on a lifelong fascination with computers that I didn't even recognize?
Hack The Box: Machine • Walkthrough
In this walkthrough, we explore the Devvortex machine, focusing on a Joomla API vulnerability that allows information disclosure. After identifying the vulnerability (CVE-2023-23752) in the Joomla API, we exploit it using curl to leak database credentials for the user lewis. These credentials grant administrator panel access, enabling the upload of a plugin for Remote Code Execution as the www-data user. Subsequent database enumeration reveals a password hash for user logan, which is cracked using hashcat. Final privilege escalation to root is achieved by exploiting a vulnerability (CVE-2023-1326) in apport-cli accessed via sudo.
DEFCON: 32 • Talks
Explore the hidden realities of the Bug Bounty industry. This talk uncovers how platforms exploit hacker research for AI training, companies manipulate payouts to save money, and a significant power imbalance leaves individual researchers with little to no recourse against unfair decisions.
Hack The Box: Machine • Walkthrough
In this walkthrough, we explore the Lame machine, focusing on an SMB vulnerability that allows arbitrary command execution. After identifying the vulnerability (CVE-2007-2447) in the Samba service, we use a Metasploit module to exploit it. This grants us root access via a reverse TCP shell, and we enhance our control by upgrading to a Meterpreter session, enabling further enumeration and exploitation without needing privilege escalation.
Hack The Box: Sherlock • Walkthrough
As a fast-growing startup, Forela has been utilising a business management platform. Unfortunately, our documentation is scarce, and our administrators aren’t the most security aware. As our new security provider we’d like you to have a look at some PCAP and log data we have exported to confirm if we have (or have not) been compromised.
Hack The Box: Challenge • Walkthrough
Customers of secure-startup.com have been receiving some very convincing phishing emails. Can you figure out why?
Hack The Box: Machine • Walkthrough
In this walkthrough, we explore the Blue machine, which involves exploiting an SMB vulnerability in Windows 7 to gain system access. Through enumeration and exploitation, we discover that the system is vulnerable to EternalBlue (MS17-010), an SMB-related exploit. After gaining access, we proceed with enumeration and retrieve both the user and root flags.
Hack The Box: Sherlock • Walkthrough
Being in the ICS industry, your security team always needs to be up to date and should be aware of the threats targeting organizations in your industry. You just started as a threat intelligence intern, with a bit of SOC experience. Your manager has given you a task to test your skills in research and how well you can utilize MITRE ATT&CK to your advantage. Do your research on Sandworm Team, also known as BlackEnergy Group and APT44. Utilize MITRE ATT&CK to understand how to map adversary behavior and tactics in actionable form. Smash the assessment and impress your manager, as threat intelligence is your passion.