TryHackMe - Clocky
Time is an illusion. - Code review, Time based token exploitation, SSRF and privilege escalation.
TryHackMe - El Bandito
SSRF to Request smuggling, Request Smuggling via HTTP/2 Downgrades on a chat application to leak user requests.
TryHackMe - Hack Smarter Security
Dell OpenManage Auth Bypass, File Disclosure, Credential Leak...
TryHackMe - Exfilibur
BlogEngine XXE, RCE with GodPotato PrivEsc with a small dose of AV Bypass