Richie Havoc
Security Researcher | Student | Pentester | CTF Player 🎉
Latest Posts
HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE
DevArea is a Medium-difficulty HackTheBox machine from Season 10 featuring an internal developer platform exposed across multiple services. The exploitation chain begins with anonymous FTP access to a leaked JAR file, which reveals an Apache CXF SOAP service vulnerable to a critical XOP/MTOM Local File Inclusion (CVE-2022-46364 / CVE-2022-46363). Reading the HoverFly systemd service file leaks admin credentials, which are used to authenticate against the HoverFly Admin API and obtain a JWT token. From there, a malicious middleware payload injected via the /api/v2/hoverfly/middleware endpoint delivers a reverse shell as dev_ryan. Privilege escalation to root exploits a world-writable /bin/bash binary combined with a sudo-permitted script to plant a root-owned SUID shell. This writeup provides a complete step-by-step walkthrough with detailed technical analysis of each exploitation stage.
HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape
Kobold is an Easy-difficulty HackTheBox machine from Season 10 built around modern AI tooling infrastructure. The attack chain begins with subdomain enumeration uncovering an MCPJam Inspector instance vulnerable to CVE-2026-23744 — a critical unauthenticated RCE in the /api/mcp/connect endpoint that allows arbitrary command execution via a crafted serverConfig payload. This delivers a reverse shell as the user ben. Privilege escalation exploits an implicit Docker group membership accessible via newgrp docker, which is leveraged to mount the host filesystem inside a root-running MySQL container and read the root flag directly — a textbook Docker socket escape. This writeup provides a complete step-by-step walkthrough with beginner-friendly explanations of each technique.
The Hacker's Guide to Not Burning Out: Mental Health in Cybersecurity
Burnout is endemic in cybersecurity. 84% of professionals report experiencing it, 50% expect to burn out within 12 months, and job satisfaction is at an all-time low. This honest, research-backed guide covers the real causes of hacker burnout, how to recognize it before it wrecks you, and actionable strategies that actually work - from a community that's finally starting to talk about it openly.
50 Hacker Jokes So Bad They're Actually Good (Guaranteed to Make Your Teammates Groan)
Sometimes you just need to laugh. 50 carefully curated hacker, CTF, pentesting, and infosec jokes - ranging from clean puns to certified groan-worthy dad jokes. Organized by category for maximum damage. Share with your team. Lose friends. Worth it.
litellm Supply Chain Attack (March 2026): How TeamPCP Backdoored a PyPI Package Used by Millions
On March 24, 2026, threat actor TeamPCP published two backdoored versions of litellm to PyPI, affecting developers who installed v1.82.7 or v1.82.8 during a 3-hour window. This is a verified, technical breakdown of exactly how the attack happened, what the malware did, how to check if you're affected, and what it means for supply chain security going forward.
Vibe Hacking Explained: How AI Is Letting Complete Beginners Launch Real Attacks
Vibe hacking is the dark twin of vibe coding - using AI tools to launch cyberattacks without needing to understand how they work. With verified real-world incidents including a Moltbook breach exposing 1.5 million tokens and Claude AI being used to run full extortion campaigns, this deep-dive covers exactly what vibe hacking is, how it works, and how defenders need to adapt in 2026.