<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://br34chy.github.io/</id><title>br34chy</title><subtitle>just a sec blog</subtitle> <updated>2026-02-24T21:03:22-06:00</updated> <author> <name>br34chy</name> <uri>https://br34chy.github.io/</uri> </author><link rel="self" type="application/atom+xml" href="https://br34chy.github.io/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://br34chy.github.io/"/> <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator> <rights> © 2026 br34chy </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>Proving Grounds Twiggy: Backport</title><link href="https://br34chy.github.io/posts/PGLab-Twiggy/" rel="alternate" type="text/html" title="Proving Grounds Twiggy: Backport" /><published>2026-02-12T22:00:00-06:00</published> <updated>2026-02-12T22:00:00-06:00</updated> <id>https://br34chy.github.io/posts/PGLab-Twiggy/</id> <content type="text/html" src="https://br34chy.github.io/posts/PGLab-Twiggy/" /> <author> <name>br34chy</name> </author> <category term="Labs" /> <category term="Proving Grounds" /> <summary>Imagined a forest. It was a twig. Lesson: Don’t overthink. Think in primitives. Twiggy (PG Lab) revolves around a backport regression. A fix from a newer version was applied to an older codebase, but architectural differences introduced unintended exposure. When code is transplanted without full context, assumptions break. The machine is rated easy and community-rated intermediate. 
It sh...</summary> </entry> <entry><title>Proving Grounds PlanetExpress: Silent S</title><link href="https://br34chy.github.io/posts/PGLab-PlanetExpress/" rel="alternate" type="text/html" title="Proving Grounds PlanetExpress: Silent S" /><published>2026-02-08T22:00:00-06:00</published> <updated>2026-02-24T21:02:37-06:00</updated> <id>https://br34chy.github.io/posts/PGLab-PlanetExpress/</id> <content type="text/html" src="https://br34chy.github.io/posts/PGLab-PlanetExpress/" /> <author> <name>br34chy</name> </author> <category term="Labs" /> <category term="Proving Grounds" /> <summary>Trusted relay. Privilege carried. Lesson: trusted services can quietly carry privilege where it doesn’t belong. SUID Misconfiguration PlanetExpress (PG Lab) is an example of SUID (Set User ID/setuid) misconfiguration. SUID abuse occurs when a service runs with root-level privilege. In file permissions, SUID appears as an s, for example: -rwsr--r--. An attacker can use that service to cross...</summary> </entry> <entry><title>Proving Grounds Access: Master Key</title><link href="https://br34chy.github.io/posts/PGLab-Access/" rel="alternate" type="text/html" title="Proving Grounds Access: Master Key" /><published>2026-01-29T22:00:00-06:00</published> <updated>2026-02-10T23:19:58-06:00</updated> <id>https://br34chy.github.io/posts/PGLab-Access/</id> <content type="text/html" src="https://br34chy.github.io/posts/PGLab-Access/" /> <author> <name>br34chy</name> </author> <category term="Labs" /> <category term="Proving Grounds" /> <summary>Restricted upload. Trust misplaced. Lesson: small upload decisions can quietly lead to SYSTEM. From Restricted File Upload to SYSTEM Access (PG Lab) began with a web-layer attack. A restricted file upload proved insufficient, unfolding into a chain of access weaknesses. This aligns with James Reason’s Swiss cheese model: security failures occur when multiple small weaknesses line up. 
...</summary> </entry> <entry><title>Proving Grounds Heist: Getaway</title><link href="https://br34chy.github.io/posts/PGLab-Heist/" rel="alternate" type="text/html" title="Proving Grounds Heist: Getaway" /><published>2026-01-25T22:00:00-06:00</published> <updated>2026-02-10T23:19:58-06:00</updated> <id>https://br34chy.github.io/posts/PGLab-Heist/</id> <content type="text/html" src="https://br34chy.github.io/posts/PGLab-Heist/" /> <author> <name>br34chy</name> </author> <category term="Labs" /> <category term="Proving Grounds" /> <summary>SMB signing enabled. NTLM still leaked. Lesson: outbound authentication is often the real attack surface. SSRF via NTLMv2 Abuse Heist (PG Lab) demonstrates an SSRF (Server-Side Request Forgery) abuse path that enables NTLMv2 credential capture and relay, leading to local privilege escalation on a Windows system. HuWanyu’s public walkthrough was used as a reference during analysis. His endg...</summary> </entry> <entry><title>Proving Grounds Internal: No Metasploit</title><link href="https://br34chy.github.io/posts/PGLab-Internal/" rel="alternate" type="text/html" title="Proving Grounds Internal: No Metasploit" /><published>2026-01-22T22:00:00-06:00</published> <updated>2026-02-10T23:19:58-06:00</updated> <id>https://br34chy.github.io/posts/PGLab-Internal/</id> <content type="text/html" src="https://br34chy.github.io/posts/PGLab-Internal/" /> <author> <name>br34chy</name> </author> <category term="Labs" /> <category term="Proving Grounds" /> <summary>Same exploit. Same payload. Worked on macOS. Failed on PC. Lesson: exploitation isn’t just about the vulnerability, it’s about how tools and environments interact with it. Exploited Without Metasploit, Yet Befuddled The Internal (PG Lab) machine was compromised without Metasploit on a MacBook Pro. Replicating the same process on a PC failed. Environmental might be the issue rather than expl...</summary> </entry> </feed>
