Logo

ngtuonghung's blog

Hi, I'm currently an undergraduate at University of Engineering and Technology - VNU. I'm interested in offensive security.

research

Research

Understanding CVE-2023-32233 (Draft)

December 9, 2025 December 8, 2025
Research

Getting Started With Kernel Exploitation

This is my first time setting up QEMU, debugging kernel with GDB, and exploiting kernel modules for privilege escalation and...

linux kernel kernel-module qemu privilege-escalation seccomp
December 9, 2025 December 6, 2025 Research
Research

Reproducing Nimbuspwn: Linux Privilege Escalation via Path Traversal and TOCTOU in networkd-dispatcher

A technical walkthrough of reproducing Nimbuspwn (CVE-2022-29799 and CVE-2022-29800), privilege escalation vulnerabilities in networkd-dispatcher exploiting path traversal and TOCTOU race...

path-traversal toc-tou race-condition code-review linux privilege-escalation from-day-zero-to-zero-day reproducing d-bus systemd-networkd networkd-dispatcher sink-to-source cve-2022-29799 cve-2022-29800
November 14, 2025 November 9, 2025 Research

ctf

CTF > HeroCTF v7

pwn - Paf Traversal

Your mission is to audit a high-performance hash-cracking platform. It achieves its speed by combining a Go-based API server with...

path-traversal environment-variable go
December 4, 2025 November 29, 2025 Easy
CTF > HeroCTF v7

pwn - Crash

I have received a crash report from my server service and I lost my access to the server. The initial...

format-string-bug return-address-overwrite return-oriented-programming core-dump stack-buffer-overflow
December 1, 2025 November 29, 2025 Medium
CTF > HeroCTF v7

pwn - Story Contest

It’s time for you to tell your best story, and maybe you’ll be rewarded accordingly. Good luck !

return-address-overwrite toc-tou race-condition stack-buffer-overflow return-oriented-programming multi-thread decompiling file-descriptor
December 1, 2025 November 29, 2025 Medium

tryhackme

TryHackMe > Linux Machines

Rabbit Hole

It's easy to fall into rabbit holes.

linux sql-injection mariadb mysql information-schema-processlist xss python
November 4, 2025 September 17, 2025 Hard
Icon
TryHackMe > Linux Machines

TryHack3M: Subscribe

Can you help Hack3M reach 3M subscribers?

linux tryhack3m bypass-filter cookie mysql sql-injection splunk log-file forensic error-based-sql-injection
November 4, 2025 September 7, 2025 Medium
Icon
TryHackMe > Windows Machines

Retro

New high score!

windows wordpress web-shell rce php sweet-potato rdp recycle-bin browsing-history cve-2019-1388
November 4, 2025 September 6, 2025 Hard
Icon

hackthebox

HackTheBox > Labs

Skills Assessment

Final labs in the module "Information Gathering - Web Edition"

osint subdomain
November 4, 2025 September 30, 2025 Easy
HackTheBox > Labs

Footprinting Lab

linux ftp private-key-discovery
November 4, 2025 September 23, 2025 Easy
HackTheBox > Labs

Footprinting Lab

linux pop3 imap snmp private-key-discovery mysql
November 4, 2025 September 23, 2025 Hard

cheatsheets

CheatSheets

Web Reconnaissance Cheatsheet

CheatSheet dành cho các phương pháp và công cụ trong Web Reconnaissance

osint cheatsheet dns crawling log-file subdomain
November 4, 2025 September 22, 2025 Info
Icon
CheatSheets

Metasploit Cheatsheet

Cheatsheet dành cho Metasploit (modules, commands, databases, msfvenom, meterpreter)

cheatsheet metasploit
November 4, 2025 September 17, 2025 Info
Icon
CheatSheets

NMAP Cheatsheet

Cheatsheet dành cho Nmap (target specification, host discovery, port scanning, port states, scripts, output formats, bypass firewall, IDS/IPS)

cheatsheet bypass-firewall ids-ips-evasion bypass-filter dns
November 4, 2025 September 17, 2025 Info
Icon
See all of my posts in Blog