Posts

Cracking the Vault: A Deep Dive into Nine HashiCorp Vault Zero-Day Vulnerabilities

In a significant disclosure, security researchers from the Cyata team have unearthed nine zero-day vulnerabilities in HashiCorp Vault, a widely used tool for secret management. These vulnerabilities, some of which have been lurking in the codebase for nearly a decade, expose critical flaws in Vault's authentication, identity, and authorization mechanisms. The most severe of these, CVE-2025-6000, allows for remote code execution (RCE), marking the first publicly disclosed RCE in Vault's history. This article provides a comprehensive overview of these vulnerabilities, their potential impact, and detailed Burp Suite-style proof-of-concept (PoC) code snippets to help security professionals understand and test for these flaws in their own environments. The Vulnerabilities: A High-Level Overview The nine vulnerabilities cover a wide range of attack vectors, from username enumeration and authentication bypass to privilege escalation and, ultim...

A Pentester's Guide to SNMP: Exploitation, Misconfigurations, and Hardening

Introduction to the Simple Network Management Protocol (SNMP) The Simple Network Management Protocol (SNMP) is a widely used Internet Standard protocol for managing and monitoring devices on IP networks. While essential for network administration, its often-insecure default configurations and legacy versions present a rich attack surface for penetration testers, bug bounty hunters, and red teamers. This article provides a comprehensive guide to understanding, enumerating, and exploiting SNMP, covering all protocol versions, common misconfigurations, notable vulnerabilities with public proofs-of-concept (PoCs), and an extensive deep-dive into attacking the more modern SNMPv3. SNMP Ports and Versions SNMP primarily operates over the User Datagram Protocol (UDP) on two standard ports: Port 161/UDP: The default port where SNMP agents listen for incoming requests. Port 162/UDP: The default port where SNMP managers receive asynchronous traps (notifications) from age...

Shodan CLI: Complete Guide to Scanning IPs, Ranges, and Finding Vulnerabilities

Shodan is often called the "world's most dangerous search engine" because it indexes Internet-connected devices instead of websites. The Shodan Command Line Interface (CLI) provides powerful tools for security researchers, penetration testers, and system administrators to discover exposed devices, analyze network infrastructure, and identify vulnerabilities. In this comprehensive guide, you'll learn how to use Shodan CLI to scan single IP addresses, IP ranges, and lists of IPs, along with practical examples for vulnerability discovery and reconnaissance. ⚠️ LEGAL DISCLAIMER Only scan systems you own or have explicit permission to test. Unauthorized scanning may violate laws such as the Computer Fraud and Abuse Act (CFAA) in the United States or similar legislation in other countries. Always obtain proper authorization before conducting security assessments. 📦 Installation and Setup Requirements Python installed on your system (Python ...

A Pentester's Guide to Fortinet: Exploits, Misconfigurations, and Red Team Tactics

Date: February 12, 2026 Target Audience: Intermediate to Advanced Penetration Testers, Bug Bounty Hunters, Red Teamers Disclaimer: This article is for educational and authorized security testing purposes only. Unauthorized access to computer systems is illegal. 📋 Table of Contents 1. Introduction 2. The Fortinet Attack Surface 3. Default Credentials & Misconfigurations 4. Critical Vulnerabilities (2021-2026) 5. The Unholy Trinity of SSL-VPN RCEs 6. Authentication Bypass Vulnerabilities 7. Path Traversal and SQL Injection 8. Deep Dive: CVE-2024-21762 Exploitation 9. Proof-of-Concept Code Examples 10. Post-Exploitation and Persistence 11. Red Teamer's Methodology ...