Archive - ToxSec - Bug Bounty Hunting

Subdomain Takeover

just now •

Insecure Direct Object Refence

6 hrs ago •

Gandalf | AI CTF

A Prompt Injection Challenge

Aug 17 •

May 2025

File Upload Vulnerabilities

File Upload for Bug Bounty

May 30 •

Systemctl SUID & Burp Sniper | VulnUniversity THM

The power of basics.

May 27 •

Hacking Common Services

A cheat sheet and reference guide for ethically hacking common services across diverse systems.

May 25 •

SweetRice CMS Exploitation | LazyAdmin TryHackMe

A TryHackMe machine featuring CMS enumeration, database extraction, remote shell upload, and privilege escalation.

May 19 •

OSCP Proving Grounds – Levram Walkthrough

Web Exploitation & Linux Privilege Escalation Practice

May 18 •

April 2025

Working with Linux Capabilities | Cap HackTheBox

A HackTheBox challenge focused on pcap analysis, service enumeration, and Linux capability exploitation.

Apr 19 •

Game Zone - SQLi and Reverse SSH Tunneling

A TryHackMe box combining SQL injection, password cracking, reverse SSH tunneling, and Metasploit exploitation.

Apr 19 •

March 2025

SSH Key Exploitation and SMB Recon: A CTF Walkthrough

A real-world-style Linux box. This one challenged me to use sharp enumeration, smart pivots, and creative thinking to gain and escalate access across…

Mar 18 •

February 2025

Windows Security: Abusing Access Tokens | A Practical CTF Walkthrough

Exploit misconfigured access tokens to impersonate SYSTEM and own the box.

Feb 18 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts