Richie Havoc

Security Researcher | Student | Pentester | CTF Player 🎉

Latest Posts

Garfield HackTheBox Writeup - Hard Windows Active Directory Machine Walkthrough
hackthebox

A comprehensive walkthrough of the Garfield machine from HackTheBox, a Hard-difficulty Windows Active Directory box. The chain covers: abusing a writable ACL to plant a malicious logon script through the scriptPath attribute and gain code execution as l.wilson; resetting the l.wilson_adm password for lateral movement; pivoting to an internal Read-Only Domain Controller (RODC01) over a Ligolo tunnel; creating a fake machine account for Resource-Based Constrained Delegation; dumping the RODC's krbtgt_8245 AES256 key with Mimikatz; modifying the RODC password replication policy (a prerequisite for the KeyList step, since only accounts the RODC is allowed to cache can be revealed); forging an RODC Golden Ticket with Rubeus; running a KeyList attack against DC01 to obtain a legitimate Administrator TGT; and finishing with a full domain compromise via an NTDS dump. A useful reference for penetration testers studying multi-step Active Directory exploitation chains.

Apr 6, 2026 16 min read
HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE
hackthebox

DevArea is a Medium-difficulty HackTheBox machine from Season 10 featuring an internal developer platform exposed across multiple services. The exploitation chain begins with anonymous FTP access to a leaked JAR file, which reveals an Apache CXF SOAP service vulnerable to a critical XOP/MTOM Local File Inclusion (CVE-2022-46364 / CVE-2022-46363). Reading the HoverFly systemd service file leaks admin credentials, which are used to authenticate against the HoverFly Admin API and obtain a JWT token. From there, a malicious middleware payload injected via the /api/v2/hoverfly/middleware endpoint delivers a reverse shell as dev_ryan. Privilege escalation to root exploits a world-writable /bin/bash binary combined with a sudo-permitted script to plant a root-owned SUID shell. This writeup provides a complete step-by-step walkthrough with detailed technical analysis of each exploitation stage.

Mar 30, 2026 17 min read
HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape
hackthebox

Kobold is an Easy-difficulty HackTheBox machine from Season 10 built around modern AI tooling infrastructure. The attack chain begins with subdomain enumeration uncovering an MCPJam Inspector instance vulnerable to CVE-2026-23744, a critical unauthenticated RCE in the /api/mcp/connect endpoint that allows arbitrary command execution via a crafted serverConfig payload. This delivers a reverse shell as the user ben. Privilege escalation relies on ben's membership in the docker group, which the initial shell has not picked up and which is activated with newgrp docker. That access is used to mount the host filesystem inside a root-running MySQL container and read the root flag directly, a textbook Docker socket escape. This writeup provides a complete step-by-step walkthrough with beginner-friendly explanations of each technique.

Mar 30, 2026 14 min read
The Hacker's Guide to Not Burning Out: Mental Health in Cybersecurity
MentalHealth

Burnout is endemic in cybersecurity. 84% of professionals report experiencing it, 50% expect to burn out within 12 months, and job satisfaction is at an all-time low. This honest, research-backed guide covers the real causes of hacker burnout, how to recognize it before it wrecks you, and actionable strategies that actually work - from a community that's finally starting to talk about it openly.

Mar 27, 2026 15 min read
50 Hacker Jokes So Bad They're Actually Good (Guaranteed to Make Your Teammates Groan)
Fun

Sometimes you just need to laugh. 50 carefully curated hacker, CTF, pentesting, and infosec jokes - ranging from clean puns to certified groan-worthy dad jokes. Organized by category for maximum damage. Share with your team. Lose friends. Worth it.

Mar 27, 2026 11 min read
litellm Supply Chain Attack (March 2026): How TeamPCP Backdoored a PyPI Package Used by Millions
SupplyChain

On March 24, 2026, threat actor TeamPCP published two backdoored versions of litellm to PyPI, affecting developers who installed v1.82.7 or v1.82.8 during a 3-hour window. This is a verified, technical breakdown of exactly how the attack happened, what the malware did, how to check if you're affected, and what it means for supply chain security going forward.

Mar 26, 2026 14 min read
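The "how to check if you're affected" step from the litellm summary, as an added example that is not code from the post or from the litellm project: a small Python scanner that walks requirements.txt / pip freeze style manifests and the running environment for the two backdoored releases. The only facts taken from the page are the package name and the affected versions (1.82.7 and 1.82.8); the sample manifest and the function names are constructed for illustration. Only exact pins are judged from a manifest; range specifiers are reported separately because they cannot be resolved without the lockfile that was actually installed.

```python
"""Scan dependency manifests and the local environment for backdoored litellm releases.

Added example, not the post's or litellm's own code. Facts from the page:
package name "litellm", backdoored versions 1.82.7 and 1.82.8. Everything else
(function names, the sample manifest) is constructed for this example.
"""
import re
from importlib import metadata

# Versions the page names as backdoored (published to PyPI on March 24, 2026).
AFFECTED_VERSIONS = {"1.82.7", "1.82.8"}

# Constructed sample manifest, not taken from the incident.
SAMPLE_MANIFEST = """\
# constructed sample, not from the incident
requests==2.32.3
LiteLLM[proxy] == 1.82.7   # pinned during the 3-hour window
openai>=1.0
-r base.txt
litellm>=1.82  # range: cannot be judged from the manifest alone
"""

# Matches "litellm==1.82.7", "LiteLLM[proxy] == 1.82.8 ; python_version>='3.9'".
_PIN = re.compile(
    r"""^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)   # project name
        (?:\[[^\]]*\])?\s*                          # optional extras
        (?P<op>===?|~=|>=|<=|!=|<|>)\s*             # version operator
        (?P<ver>[0-9][0-9A-Za-z.+!*-]*)""",          # version string
    re.VERBOSE,
)


def _normalize(name):
    """PEP 503 name normalisation: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_manifest(manifest_text, package="litellm"):
    """Return {'affected': [(line, version)], 'unpinned': [line]} for `package`.

    'affected' lists exact pins (== / ===) of a backdoored version.
    'unpinned' lists lines that reference the package with a range operator,
    which may or may not have resolved to a backdoored build at install time.
    """
    result = {"affected": [], "unpinned": []}
    target = _normalize(package)
    for lineno, raw in enumerate(manifest_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("-"):     # skip blank lines and flags (-r, -e, ...)
            continue
        m = _PIN.match(line)
        if not m or _normalize(m.group("name")) != target:
            continue
        if m.group("op") in ("==", "==="):
            if m.group("ver") in AFFECTED_VERSIONS:
                result["affected"].append((lineno, m.group("ver")))
        else:
            result["unpinned"].append(lineno)
    return result


def installed_version_status(package="litellm"):
    """Check the interpreter's own environment.

    Returns None if the package is not installed, else (version, is_affected).
    """
    try:
        version = metadata.version(package)
    except metadata.PackageNotFoundError:
        return None
    return version, version in AFFECTED_VERSIONS


if __name__ == "__main__":
    report = scan_manifest(SAMPLE_MANIFEST)
    for lineno, ver in report["affected"]:
        print(f"line {lineno}: litellm=={ver} is a backdoored release")
    for lineno in report["unpinned"]:
        print(f"line {lineno}: litellm is not pinned exactly; check the lockfile")
    status = installed_version_status()
    if status is None:
        print("litellm is not installed in this environment")
    else:
        ver, bad = status
        print(f"installed litellm {ver}: {'AFFECTED' if bad else 'not an affected version'}")
```

Run it against every requirements file, constraints file and CI image in the repository, not just the top-level one; a transitive pin in a lockfile installed inside the 3-hour window is what the summary warns about, and a version check is only the first step (the post covers what the malware did and what to rotate afterwards).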