Blog Entries

25. 09. 2025 Mattia Codato CTF Writeups, Development, Events

Preparing for WP CTF 2025

Summer is over, autumn is here – and so is the most anticipated event of the year for cybersecurity students: WP CTF 2025. Every year, the WP CTF draws cybersecurity students hungry to learn, compete, and put their skills to the test. Our marketing team has been working for months to organize an incredible event,…

Read More
16. 11. 2023 Beatrice Dall'Omo Red Team, SEC4U

Don’t Go without EPSS: Vulnerability Prioritization

During a Vulnerability Remediation process, understanding which vulnerabilities pose a real and significant risk for an organization is not so obvious, and most of the time it involves several different aspects. It takes into consideration several factors related to available resources and time, company assets, severity, compatibility with fix methodologies, and others.  There is no…

Read More
02. 01. 2023 Beatrice Dall'Omo Red Team, SEC4U

Focus on the noPac Attack

In December 2021 Microsoft revealed two vulnerabilities concerning an Active Directory Domain Services privilege elevation, classified as CVE-2021-42278 and CVE-2021-42287. By combining the two exploits in the so-called noPac attack, a malicious actor could perform a privilege escalation by impersonating the Domain Administrator after starting out as a standard user. This would lead to a…

Read More
20. 09. 2021 Thomas Forrer CTF Writeups, SEC4U

RomHack CTF 2021: Table of Contents Writeup

At Wuerth Phoenix, we recently introduced a security-focused guild, and decided to attend our first security CTF (Capture The Flag) challenge: RomHack CTF 2021. After panicking initially (there were really difficult challenges!) we stayed calm, and managed to solve the table of contents challenge in the ‘pwn’ category, which made our team finish in 21st…

Read More

Archive