A detailed walkthrough of the RustyKey machine from HackTheBox, featuring Timeroasting, DACL abuse, DLL hijacking via 7-Zip shell extensions, and Resource-Based Constrained Delegation for complete domain compromise.

A detailed walkthrough of the Code machine from HackTheBox, featuring Server-Side Template Injection (SSTI) exploitation and privilege escalation via backup script manipulation.

Exploiting URL parsing inconsistencies and SSRF to bypass localhost restrictions and extract environment variables from a Flask debug endpoint.