https://hexpysya.github.io/tags/no-escalation/Recent content in No Escalation on bubka hacks stuffHugo -- gohugo.ioen-usThu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-javascript-code-detected-in-requested-url/Thu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-javascript-code-detected-in-requested-url/An external IP performed XSS reconnaissance against the /search/ endpoint, cycling through multiple injection payloads. All requests except the first returned HTTP 302, indicating server-side sanitization blocked execution. The attack did not succeed.https://hexpysya.github.io/blue_team/ld-ls-command-detected-in-requested-url/Thu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-ls-command-detected-in-requested-url/Alert triggered on the string ’ls’ found in a legitimate search query parameter. The traffic originated from an internal IP to letsdefend.io and contains no malicious payload. False positive - rule lacks context awareness for partial string matches.https://hexpysya.github.io/blue_team/ld-passwd-found-in-requested-url---possible-lfi-attack/Thu, 02 Apr 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-passwd-found-in-requested-url---possible-lfi-attack/An external Tencent Cloud IP sent a single LFI request targeting /etc/passwd via path traversal. The server returned HTTP 500 with an empty response body, confirming the attack did not succeed.https://hexpysya.github.io/blue_team/ld-possible-sql-injection-payload-detected/Sun, 22 Mar 2026 00:00:00 +0000https://hexpysya.github.io/blue_team/ld-possible-sql-injection-payload-detected/An external IP hosted on DigitalOcean performed a manual SQL injection reconnaissance against an internal web server, cycling through classic SQLi payloads. All requests returned HTTP 500, confirming the attack did not succeed.