Name: #BoxFriday27 - Backfire (Medium)
Start: 2025-06-20T20:00:00+03:00
End: 2025-06-20T22:00:00+03:00

Join us for this week’s HTB KE Meetup as we dive into the Backfire (Medium) box on Hack The Box!
In this session, our guest speaker—a skilled cybersecurity and digital forensics expert—will walk us through how to exploit an exposed Havoc C2 server using Server-Side Request Forgery (SSRF) to gain Remote Code Execution via its WebSocket API. We’ll then pivot to another local C2, Hardhat, and craft a malicious JWT token using a default hardcoded secret. To wrap it up, we’ll explore how to escalate privileges by abusing `iptables` commands to achieve arbitrary file write.

Fraiser Kilonzo

Catherine Kamau

Hack The Box

Lentine Khakai

Hack The Box Meetup: Kenya

Technology

Software Development

Network Security

Web Development

Hacking

Information Security

Computer Security

Cybersecurity

Computer & Information Network Security

Pauline Wairimu (Mystique) is a seasoned cybersecurity professional with a strong background in Digital Forensics, and Threat Intelligence and also a CTF player. Our guest has hands-on experience in threat detection, malware analysis, incident response, and CTI. From analyzing APTs and fileless malware to conducting in-depth forensic investigations with tools like Encase, Autopsy, and Axiom, she brings a sharp, research-driven approach to tackling modern cyber threats. Join us as she shares her insights and approach to solving the Backfire box!

#BoxFriday27 - Backfire (Medium)

Details