How I Discovered CVE-2025-32390

Introduction

In this short article I am going to describe the process through which I discovered CVE-2025-32390 and how I turned a low-class vulnerability like HTML injection into a realistic account takeover. It began with browsing around Docker images for open source web apps on Docker Hub. Typically I prefer to target CMS-type applications as they are often feature rich with lots of testing opportunities, but then I found that CRM-type applications also provide plenty of functionality to assess, and then I found EspoCRM. ...

May 12, 2025 · 4 min · Alexandru-Ionuț Răducu

Certified Bug Bounty Hunter (CBBH) Experience, Tips and Machine List

Introduction

I will try not to repeat advice and tips given in previous exam experience articles, to keep this post interesting and relevant. That also includes my previous article on CPTS, as I would say most tips from that article apply to this one as well. The Hack the Box CPTS path shares about 60% of the modules with the Hack the Box CBBH path, and since my Silver Annual sub was still active and I always wanted to tackle a purely web penetration testing certification (unlike CPTS, which covers general penetration testing), I decided to complete the remainder of the modules and take a shot at the CBBH certification. Coming fresh from the exam, I am happy to share that I have managed to score 9/10 flags on my first attempt in four out of seven days (including report writing), working about 8 hours a day. As exam grading can take up to 20 business days, I have decided to write a quick article in the meantime to share my experience with the exam, some tips, and machines I liked as preparation. I will be updating the article later once the grading process is complete. ...

May 5, 2025 · 9 min · Alexandru-Ionuț Răducu

Certified Penetration Testing Specialist (CPTS) Tips, Tricks and Machine List

Introduction

I will be doing my best to provide tips that have not been shared multiple times already, as there are already plenty of reviews. About one year ago, after working for 6.5 years in the networking field, my interest in cybersecurity was piqued when it started to become more mainstream. The idea of penetration testing immediately captivated me and I spent the next 6 months mastering foundational topics such as operating systems, coding and web application knowledge. Then, while researching various certifications, I came upon HTB’s CPTS, which stood out from the rest as it involved a 10-day fully practical exam, a commercial-grade report and completing the “Penetration Tester” HTB Academy path, which consists of 28 modules totaling 344 hours (as estimated by HTB), before even attempting the certification. ...

April 12, 2025 · 7 min · Alexandru-Ionuț Răducu