Hello There!

Welcome to my blog. If this is your first visit, consider checking out the About page.

How I Discovered CVE-2025-32390

Introduction In this short article I am going to describe the process through which I discovered CVE-2025-32390 and how I turned a low-class vulnerability like HTML injection into a realistic account takeover. It began with browsing around Docker images for open source web apps on Docker Hub. Typically I prefer to target CMS-type applications, as they are often feature-rich with lots of testing opportunities, but then I found that CRM-type applications also provide plenty of functionality to assess, and then I found EspoCRM. ...

May 12, 2025 · 4 min · Alexandru-Ionuț Răducu

Certified Web Exploitation Specialist (HTB CWES) Experience, Tips and Machine List

Introduction I will try to not repeat advice and tips given on previous exam experience articles to keep this post interesting and relevant, which also includes my previous article on CPTS as I would say most tips from that article apply to this one as well. Previously this certification has been known as CBBH, and later HTB changed its name to better align with the certification content as it’s not really about Bug Bounty Hunting and more about Web Application Security Assessment (WASA). ...

May 5, 2025 · 9 min · Alexandru-Ionuț Răducu

Certified Penetration Testing Specialist (CPTS) Tips, Tricks and Machine List

Introduction I will be doing my best to provide tips that have not been shared multiple times already, as there are already plenty of reviews. About one year ago, after working for 6.5 years in the networking field, my interest in cybersecurity was piqued when it started to become more mainstream. The idea of penetration testing immediately captivated me and I spent the next 6 months mastering foundational topics such as operating systems, coding and web application knowledge. Then, while researching various certifications, I came upon HTB’s CPTS, which stood out from the rest as it involved a 10-day fully practical exam, a commercial-grade report and completing the “Penetration Tester” HTB Academy path before even attempting the certification, which consists of 28 modules totaling 344 hours (as estimated by HTB). ...

April 12, 2025 · 7 min · Alexandru-Ionuț Răducu