Richie Havoc
Security Researcher | Student | Pentester | CTF Player 🎉
Latest Posts
HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation
VariaType is a cutting-edge HackTheBox machine from Season 10 featuring a web-based variable font generator. The exploitation chain combines three critical vulnerabilities: fontTools CVE-2025-66034 for initial webshell creation, FontForge CVE-2024-25081 for lateral privilege escalation to the steve user, and a setuptools PackageIndex path traversal vulnerability for root access. This writeup provides complete step-by-step instructions with detailed technical analysis of each exploit mechanism.
CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough
A comprehensive walkthrough of the CCTV machine from HackTheBox Season 10. This Medium-difficulty Linux machine writeup covers ZoneMinder default credentials, exploiting CVE-2024-51482 SQL injection to extract and crack bcrypt hashes, leveraging a tcpdump Linux capability to sniff plaintext credentials from Docker network traffic, SSH port forwarding to expose an internal MotionEye instance, and achieving root via CVE-2025-60787 remote code execution using Metasploit. A must-read for penetration testers tackling multi-step Linux exploitation chains.
Pirate HackTheBox Writeup — Complete Season 10 Machine Walkthrough
A comprehensive walkthrough of the Pirate machine from HackTheBox Season 10. This Hard-difficulty Windows machine writeup covers initial access with provided credentials, Active Directory enumeration, lateral movement strategies, privilege escalation techniques, and achieving SYSTEM access. Learn how to compromise this challenging HTB Windows machine with detailed methodology, practical command examples, and SEO-optimized content for cybersecurity professionals.
Interpretor HackTheBox Writeup — Complete Machine Walkthrough
A comprehensive walkthrough of the Interpretor machine from HackTheBox. This writeup covers reconnaissance, enumeration techniques, initial foothold exploitation, lateral movement strategies, and privilege escalation to root. Learn how to compromise this challenging HTB machine with detailed methodology and practical command examples.
BITSCTF 2026 Writeup — Jetpack Drift & Radio Telescope
Full BITSCTF 2026 writeup covering the Jetpack Drift and Radio Telescope challenges. Includes PCAP triage with tshark, AES-CTR rolling-key decryption, hash chain reconstruction, ICO/PNG extraction, OCR flag reading, and signal anomaly detection — with complete Python exploit scripts and step-by-step methodology for competitive CTF players.
FrameOS: Effortless Screenshot Framing for Developers and Designers
FrameOS is a free, browser-based tool that transforms raw screenshots into polished, professional mockups using modern OS frames. It features batch processing, exact App Store dimensions, and entirely client-side execution to ensure your images remain secure and private.