https://blog.cgtz.dev/ Offensive security, penetration testing, red teaming, and raw notes from the field. 2026-03-25T10:04:08+00:00 Tato https://blog.cgtz.dev/ Jekyll © 2026 Tato /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-03-14T20:29:00+00:00 2026-03-14T20:29:00+00:00 https://blog.cgtz.dev/posts/security-code-review-basics-in-python/ Tato

Understanding how this functions works in depth Manual security code reviews in Python are essential for identifying business logic flaws and complex trust boundaries that automated tools frequently overlook. A primary focus of this article involves function analysis, specifically examining how user-controlled input flows into “sinks”—sensitive functions that can trigger vulnerabilities if th...

2025-09-27T00:46:00+00:00 2025-09-27T00:46:00+00:00 https://blog.cgtz.dev/posts/thm-biblioteca-writeup/ Tato

Room: Biblioteca Difficulty: Medium | Points: 60 Description This medium-difficulty box involves basic enumeration, blind SQL injection, password reuse exploitation, and Python library hijacking for privilege escalation. Enumeration Port Scanning nmap -p- 10.201.1.150 Results: 22/tcp → SSH (OpenSSH 8.2p1 Ubuntu) 8000/tcp → HTTP (Werkzeug httpd 2.0.2, Python 3.8.10) ...

2025-09-20T20:58:00+00:00 2025-09-20T20:58:00+00:00 https://blog.cgtz.dev/posts/thm-watcher-writeup/ Tato

Room: Watcher Difficulty: Easy | Points: 40 Description This room covers Local File Inclusion (LFI), FTP upload for Remote Code Execution (RCE), and privilege escalation through misconfigured sudo permissions and cron jobs. Enumeration Port Scanning nmap -sCV --min-rate=1500 -n -p- --open --max-retries=1 -oA /tmp/watcher 10.201.75.132 Results: 21/tcp → FTP (vsftpd 3.0.5) ...

2025-09-11T05:50:00+00:00 2025-09-11T05:50:00+00:00 https://blog.cgtz.dev/posts/thm-vulnnet-writeup/ Tato

Room: Vulnnet Difficulty: Easy | Points: 40 Description This is an easy-difficulty box featuring basic enumeration, Local File Inclusion (LFI), and an interesting privilege escalation vector through tar wildcard exploitation. Enumeration Port Scanning nmap -sCV --min-rate=1500 -p- 10.10.x.x Results: 22/tcp → SSH (OpenSSH 7.6p1 Ubuntu) 80/tcp → HTTP (Apache httpd 2.4.29) ...

2024-12-22T21:46:00+00:00 2024-12-22T21:46:00+00:00 https://blog.cgtz.dev/posts/tryhackme-injectics-writeup/ Tato

Room: Injectics Difficulty: Medium | Points: 50 Description This room focuses on advanced SQL injection techniques (including second-order SQLi) and Server-Side Template Injection (SSTI) in Twig that leads to remote code execution. Enumeration Port Scanning rustscan -a 10.10.81.229 --tries 2 --ulimit 5000 -g -- --no-nmap Open ports: 22 (SSH) and 80 (HTTP) Service & Web Enumer...