https://arbaazjamadar.com/tags/devarea-writeup/Recent content in Devarea Writeup on Security Writeups | HackTheBox | Wiz CTF | AWS Cloud Security | CVE Analysis | Arbaaz Jamadar Hugo -- gohugo.io enreachout@arbaazjamadar.com (Arbaaz Jamadar) reachout@arbaazjamadar.com (Arbaaz Jamadar)©2025 arbaazjamadar.comSun, 19 Apr 2026 00:00:00 +0000 https://arbaazjamadar.com/ Sun, 19 Apr 2026 00:00:00 +0000 reachout@arbaazjamadar.com (Arbaaz Jamadar) https://arbaazjamadar.com/ Cloud security research and CVE analysis by Arbaaz Jamadar - 10+ CVEs documented, AWS/Azure/Kubernetes misconfiguration walkthroughs, Wiz CTF top-18 finish, 40+ writeups.HTB Logging writeupLogging Writeupsecurity writeupHTBLoggingCTFCTF WriteupCloudSecurityMisconfigurationssecurity CTF writeupHTBAirTouchAirmon-ngAircrack-ng suiteairodump-ngaireplay-ngEAPHammerEvil-Twin AttackWPA-PSKWPA2-MGTWPA-PEAPFile Upload BypassVlan Pivotingvlan attacknetwork penetrationDecrypting packetswiresharkwpa_supplicantwpa_supplicant AD configHTBHackTheBoxHackTheBox: AirTouchHTB: AirTouchInformation GatheringCTFCTF WriteupCloud SecurityMisconfigurationssecurity CTF writeupWizTrust IssuesIncident ResponseCompromised IncidentTrust IssueswizclaudeWIZWiZWiz: Trust IssuesWiz: IssuesCode analysisApplication Securityreversingsupply chainsupply chain vulnerabilityCTFCTF WriteupCloudSecurityMisconfigurationsIaC security CTF writeupWIZWIZ: State of AffairsState of AffairsWiz Cloud security ChampionshipSecurity EngineerCloud SecurityHacktricksExploitationPrivilege EscalationTerraformBash ScriptingLocating Public ExploitsFixing Public ExploitsInformation GatheringAWSCloud SecurityCTF WriteupS3SSRFIMDSv2Spring Boot ActuatorMisconfigurationsIAM RolesReverse-ProxyLeast PrivilegeVPC EndpointDevSecOpsCloud MisconfigurationWIZObservabilityCTFWIZ Perimeter LeakOSINTSUBDOMAIN EnumerationSubdomain enumeration using OSINT toolsDNS RECONExploiting chain supply vulnerabilitiesVibe coding vulnerabilitiesWiz Cloud security ChampionshipSubdomain enumeration using DNS reconActive reconPassive ReconCTFCTF WriteupCloud SecurityMisconfigurationssecurity CTF writeupWiz CTF writeupWizHappy BirthdayData ExfilCompromised IncidentHappy BirthdaywizWIZWiZWiz: Happy BirthdayWiz: BirhtdayCode analysisApplication SecurityreversingLoose PoliciesLoosely configured StringLike Conditional ChecksBypass StringLikeSNS topic ExfilEnumerate S3 bucketsAccount ID derivationCTFCTF WriteupCloudSecurityMisconfigurationsKubernetes security CTF writeupWIZWIZ: Game of PodsGame of PodsWiz Cloud security ChampionshipSecurity EngineerCloud SecurityHacktricksExploitationPrivilege EscalationKubernetesBash ScriptingLocating Public ExploitsFixing Public ExploitsInformation GatheringCVE-2022-3294nodes/proxynodes/statusLateral movementabusing secretsabusing service account tokensk8s-debug-bridgedocker breakoutcontainer escape CTFpostgresql superuser rcetcpdump capture credentialslinux core_pattern privilege escalationkubernetes pod securityseccomp apparmor selinuxdefense in depth containersCTFCTF WriteupCloud SecurityMisconfigurationssecurity CTF writeupWizConfession Boothgorace conditionsconfessionswizclaudeAI assistedWIZWiZWiz: Confession BoothWiz: ConfessionCode analysisApplication SecurityreversingCTFCTF WriteupAzure Graph API exploitationAzureEntra IDMonitoringCloudSecurityMisconfigurationsNetworkingOAuth client credentials abuseAzure guest accessGraph APIdynamic group privilege escalationAzure blob storage exfiltrationEntra ID admin consent abuseAzure security CTF writeupWIZBreaking The BarriersHTBcctvlinuxzoneminderMotionEyeSQLi Data LeakVulnerable BinaryCommand InjectionLateral PivotingHTBHackTheBoxHackTheBox: cctvHTB: cctvInformation GatheringInitial EnumerationreversingPrivilege EscalationHTB writeupHTB devarea writeupdevarea Writeupapache cxfcxfsyswatchworld writable bashhoverflyhoverfly rcessrffile wrappercommand injectionMisconfigurationssecurity writeupHTBdevarealinuxLateral PivotingHTBHackTheBoxHackTheBox: devareaHTB: devareaInformation GatheringInitial EnumerationPrivilege EscalationPrivilege AbuseMisconfigurationssecurity writeupHTBfactslinuxcameleon cmsMass AssignmentS3 Data LeakMisconfigured SUIDCommand InjectionLateral PivotingHTBHackTheBoxHackTheBox: factsHTB: factsGarfieldWindowsActive DirectoryGolden Ticketrbcdrbcd abuserodcForceChangePasswordRODC KeyListKeylist attackLateral PivotingHTBHackTheBoxHackTheBox: GarfieldHTB: GarfieldInformation GatheringInitial EnumerationmsDS-RevealOnDemandGroupinterpreterlinuxmirth connectMotionEyeSQLi Data LeakVulnerable BinaryCommand InjectionLateral PivotingHTBHackTheBoxHackTheBox: interpreterHTB: interpreterInformation GatheringInitial EnumerationreversingPrivilege EscalationCVE-2023-43208CVE-2023-37679koboldlinuxarcaneprivatebinmcpjamMotionEyeSQLi Data LeakVulnerable BinaryCommand InjectionLateral PivotingHTBHackTheBoxHackTheBox: koboldHTB: koboldInformation GatheringInitial EnumerationreversingPrivilege EscalationCVE-2026-23744CVE-2025-64714Active DirectoryAssumed BreachPre2kgMSANTLM relayCoerceDelagationSPN JackingConstrained DelegationLateral PivotingHTBHackTheBoxHackTheBox: pirateHTB: piratePterodactylLinuxPAMPHP PearCMDUnauthenticated RCESuseRCEudisksrace conditionLateral PivotingHTBHackTheBoxHackTheBox: PterodactylHTB: PterodactylInformation GatheringInitial EnumerationreversingPrivilege EscalationCVE-2025-6018CVE-2025-6019HTB silentium writeupsilentium WriteupMisconfigurationssecurity writeupHTBsilentiumlinuxdockergitsymlinksservice abuseprivilege escalationgogsflowaipassword resetLateral PivotingHTBHackTheBoxHackTheBox: silentiumHTB: silentiumInformation GatheringInitial EnumerationsubdomainPrivilege EscalationnginxPrivilege AbuseCVE-2025-59528CVE-2025-58434CVE-2025-64111variatypenxclinuxfonttoolscronjobfontforgesetuptoolsCommand InjectionLateral PivotingHTBHackTheBoxHackTheBox: VariaTypeHTB: VariaTypeHTBwingdataLinuxtarslipfilter bypassUnauthenticated RCEWingFTPRCELateral PivotingHTBHackTheBoxHackTheBox: wingdataHTB: wingdataCTF WriteupsCloud SecurityNetwork SecurityWeb SecurityBrowser Security https://arbaazjamadar.com/htb/hackthebox-devarea/ Mon, 30 Mar 2026 00:00:00 +0000 reachout@arbaazjamadar.com (Arbaaz Jamadar) https://arbaazjamadar.com/htb/hackthebox-devarea/ Initial foothold by leaking credentials using SSRF from Apache CXF, and using creds to execute RCE on Hoverfly dashboard. Privilege escalation via, exploiting the world writable bash and executing the syswatch script.SecuritySecurity WriteupCloud SecurityHTB writeupHTB devarea writeupdevarea Writeupapache cxfcxfsyswatchworld writable bashhoverflyhoverfly rcessrffile wrappercommand injectionMisconfigurationssecurity writeupHTBdevarealinuxLateral PivotingHTBHackTheBoxHackTheBox: devareaHTB: devareaInformation GatheringInitial EnumerationPrivilege EscalationPrivilege AbuseBox WriteupsCloud SecurityNetwork SecurityWeb SecurityBrowsed SecurityAPI Security