InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A detailed CTF walkthrough of INE's VulnCorp red team challenge, covering reconnaissance through full compromise. The author maps attack surfaces via nmap and /etc/hosts, discovers an exposed .git repository leaking hardcoded secrets, exploits SQL injection to dump the database, chains SSRF to access cloud metadata and IAM credentials, performs indirect prompt injection against an AI assistant, and exploits a backdoored NPM package in an internal Verdaccio registry. The most memorable struggle was cracking an MD5 admin password hash that took 68 hours of manual Hashcat attempts before an AI assistant solved it in seconds by predicting the human-chosen password pattern. The author finished 2nd overall and reflects on the importance of approach over brute force.

VulnCorp CTF by INE: The Moment I Wanted to Quit, But I Didn’t