thoughts on
offensive security

Writing about web exploitation, active directory, CTF writeups, and the occasional deep dive into things that break in interesting ways.

CVE Analysis

CVE-2026-42167high

ProFTPD unauthenticated SQL Injection leads to RCE

Unauthenticated SQLi in ProFTPD (≤1.3.9) mod_sql allowing authentication bypass via unsanitized logging variables that can lead to RCE

Recent Posts

HTB Season 10: Logging WriteupApr 19, 202627 min read

HTB Season 10: Silentium WriteupApr 17, 202614 min read

HTB Season 10: Pirate WriteupApr 17, 202620 min read

TimeroastingApr 14, 20265 min read

HTB Season 10: Garfield WriteupApr 8, 202623 min read

AS-REQ RoastingApr 7, 20262 min read

AS-REP Roasting Apr 7, 20266 min read

HTB Season 10: Variatype WriteupApr 4, 202614 min read

Types, Methods, and Interfaces in GOApr 3, 20268 min read

HTB Season 10: Interpreter Writeup Apr 2, 202612 min read

Featured

Read-Only Domain Controllers: Internals and Attack PathsApr 9, 202614 min read

Kerberoasting Apr 5, 202613 min read