Latest Research

SECURITY_ARCHIVES.DB

Technical writeups, security research, and vulnerability disclosures from penetration testing, CTF challenges, and bug bounty programs.

ENTRY_ID: pterodac
HackTheBox: Pterodactyl - CVE-2025-49132 RCE & Chained LPE to Root
HackTheBox
2026-02-22 #HTB

Full walkthrough of the Pterodactyl machine from HackTheBox Season 10. Exploiting CVE-2025-49132 for unauthenticated RCE on Pterodactyl Panel v1.11.10, credential dumping via MariaDB, hash cracking, and chaining CVE-2025-6018 + CVE-2025-6019 for a full local privilege escalation to root.

ENTRY_ID: your-def
🛡️ Your Definitive Guide and Review on HackTheBox CJCA: A Journey of Resilience (Copy)
HackTheBox
2026-02-04 HackTheBox

From 0 flags to a 100-point sweep. An honest, deep-dive review of the HTB CJCA certification, overcoming medical setbacks, and mastering the art of commercial-grade reporting.

ENTRY_ID: facts-ha
HackTheBox: Facts - Deep Dive into Camaleon CMS LFI & Facter PrivEsc
HackTheBox
2026-02-02 #HTB

Detailed walkthrough of the 'Facts' machine from HackTheBox Season 10. Exploiting CVE-2024-46987 in Camaleon CMS to exfiltrate SSH keys and leveraging Facter's custom directory for root privilege escalation.

ENTRY_ID: comptia-
🛡️ CompTIA Security+ SY0-701: My Odyssey from Zero to Certified (798/900)
Tools & Guides
2026-01-23 CompTIA

A real, honest review of my journey through the SY0-701. From leveraging the 4 pillars of preparation to surviving the tricky PearsonVUE proctored exam.

ENTRY_ID: react2sh
React2Shell (CVE-2025-55182): Breaking the Server Boundary in React Server Components
Tools & Guides
2026-01-17 #CVE-2025-55182

React2Shell is not just another injection bug. It cuts straight through the abstraction React Server Components are built on, turning what should be a structured, declarative server rendering pipeline into a potential remote code execution primitive.

ENTRY_ID: i-spent-
🎯 I Spent $99 on 12 Cybersecurity Certifications - Here’s the Honest Truth About cyberwarfare labs
Tools & Guides
2026-01-11 CyberWareLabs

Twelve cybersecurity certifications for the price of dinner. I tested Cyberwarfare Labs so you know whether it’s genius or garbage...
