Hacking – category
Kali Linux
[XServer VPS] Build an LXDE GUI environment on Ubuntu and migrate to LXQt
With xServer VPS, you can quickly set up a GUI environment by simply selecting the Ubuntu desktop (LXDE) as your operating system. However, LXDE is a somewhat outdated desktop environment, so this time we will replace it with its successor, LXQt. Migrating to LXQt is as simple as switching the desktop environment...
Kali Linux
[XServer VPS] The best solution for building a Kali Linux environment with Ubuntu Desktop x Distrobox
When trying to use Kali Linux on a VPS, it's surprisingly common to find that Kali isn't an option. It's not uncommon for Japanese VPSs, in particular, to not even have Kali available in their OS templates. So, a realistic option is to install Ubuntu and then...
Hacking
Account hijacking?! I actually tried out IDOR [HackTheBox Armaxis writeup]
Web applications are often deemed "secure" simply by implementing mechanisms such as authentication and tokens. However, in reality, there are many cases where a simple error in the authorization design, which determines which users' data can be accessed, can lead directly to account takeover.
Other
I wrote an API key on the front end using Vibe Coding, and ended up being hacked and charged a high fee. Here are some examples and security measures.
"Vibe coding," a modern development style that prioritizes quickly building apps that work, is gaining popularity. BaaS services like Supabase and Firebase, in particular, allow you to complete authentication and database operations with just a few lines of code, making them ideal for rapid prototyping and UI improvement.
Hacking
[AI Security] Disabling specific classes by tampering with the model | HackTheBox Fuel Crisis Writeup
We are now in an era where AI not only "learns and makes decisions," but also the models that make those decisions are themselves targets of attack. In particular, the weights and biases of machine learning models are central to determining their output, and tampering with these can intentionally distort prediction results. Such models...
Hacking
[AI Security] Attacking AI-Negotiated Ransomware with Prompt Injection | HackTheBox TrynaSob Ransomware Writeup
We are now in an era where AI is no longer just a "conversational partner" but can also be a tool for attackers. In recent years, even in the world of ransomware, AI negotiation bots have appeared that automate interactions with victims, streamlining ransom payments. However, the authority and information that this AI possesses...
Hacking
[AI Security] AI Agent Hijacking Exploiting OpenAI Function Calling: Practice and Defense Strategies Explained! HackTheBox Loyalty Survey Writeup
The evolution of AI has already gone beyond simply conversing with humans. Recent large language models (LLMs) can call external functions and APIs in response to user requests, running actual systems and services. OpenAI's Function Calling feature...
Hacking
[AI Security] Tricking an LLM with Prompt Injection | HackTheBox External Affairs Writeup
We live in an age where AI is acting as a proxy for human decision-making. What would happen if we could "trick" that AI just a little? This time, we took on the challenge of a CTF to break through international travel screening using AI. We used prompt injection, a technique that exploits a weakness in large language models (LLMs).
Hacking
[Practical Guide] Hacking with RCE from SSTI Vulnerability on HackTheBox! Learn the Causes and Countermeasures of Vulnerabilities | Spookifier Writeup
Template engines are widely used in web applications to combine HTML and data to generate displays. For example, template engines are used on the backend to embed usernames, post contents, and other information into HTML. However,...
Hacking
How to get started with Hack The Box | A thorough comparison of free and paid plans, Labs and Academy
Many people who are aspiring to become security engineers and want to improve their skills through CTFs may have become interested in Hack the Box (HTB) with this in mind. However, when you actually look at the official website, you'll see a wide variety of services (Labs, Academy, CTF, Business, etc.) lined up...
