# theB10G

## theB10G

- [Welcome/whoami](https://blog.smithsecurity.biz/readme.md): Welcome to my blog!
- [Malware Analyst for a day](https://blog.smithsecurity.biz/malware-analyst-for-a-day.md): Reversing some backdoored Visual Studio projects
- [Spooky Scammers (Back for the holidays)](https://blog.smithsecurity.biz/spooky-scammers-back-for-the-holidays.md): A new USPS SMS phishing kit is on the block
- [Hacking the Scammers](https://blog.smithsecurity.biz/hacking-the-scammers.md): How someone I don't know hacked the scammers back
- [Systematic Destruction (Hacking the Scammers pt. 2)](https://blog.smithsecurity.biz/systematic-destruction-hacking-the-scammers-pt.-2.md): Taking on the "Smishing Triad"
- [SQL Injection in Security Cleared Job Site](https://blog.smithsecurity.biz/sql-injection-in-security-cleared-job-site.md): Error-Based SQL Injection in Security Cleared Job Site
- [XSS Security Policy Bypass](https://blog.smithsecurity.biz/xss-security-policy-bypass.md): Bypassing security policy to exploit cross-site scripting using browser history
- [Craft CMS Unauthenticated SQLi via GraphQL](https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql.md): Craft CMS Unauthenticated Blind (time-based) SQL Injection via GraphQL API Endpoint. Craft CMS <= 3.7.31
- [MISI Hack the Building 2.0 Hospital Edition](https://blog.smithsecurity.biz/misi-hack-the-building-2.0-hospital-edition.md): Hacking a "hospital" for fun and profit $$$
- [Booked v2.5.5/LabArchives Scheduler Vulnerability](https://blog.smithsecurity.biz/booked-v2.5.5-labarchives-scheduler-vulnerability.md): My first CVE? CVE-2023-24058
- [CTF Writ3ups](https://blog.smithsecurity.biz/ctf-writeups.md): Checkout my CTF writeups
- [ARCENT Best Cyber Warrior 2023](https://blog.smithsecurity.biz/arcent-best-cyber-warrior-2023.md): Quick challenge writeups for the CTF to explain exploitation.
- [Bounty Hunter Writeup](https://blog.smithsecurity.biz/bounty-hunter-writeup.md): Hack the Box Bounty Hunter writeup
- [Previse Writeup](https://blog.smithsecurity.biz/previse-writeup.md): Hack the Box Previse Writeup
- [eJPT certification Review](https://blog.smithsecurity.biz/ejpt-certification-review.md): eLearnSecurity Junior Penetration Tester review
- [Sauna Writeup](https://blog.smithsecurity.biz/sauna-writeup.md): Hack the Box Sauna Writeup
- [Active Writeup](https://blog.smithsecurity.biz/active-writeup.md): Hack the Box Active Writeup
- [Driver Writeup](https://blog.smithsecurity.biz/driver-writeup.md): Hack the Box Driver machine writeup
- [Trick Writeup](https://blog.smithsecurity.biz/trick-writeup.md): Hack the Box Trick machine writeup
- [GraphQL Query Authentication Bypass Vuln](https://blog.smithsecurity.biz/graphql-query-authentication-bypass-vuln.md): Bypassing GraphQL query authentication using a new technique
- [eWPT Certification Review](https://blog.smithsecurity.biz/ewpt-certification-review.md): eLearnSecurity Web Application Penetration Tester Certification Review
- [2022 DOE Cyberforce Competition](https://blog.smithsecurity.biz/2022-doe-cyberforce-competition.md): 2022 Department of Energy Cyberforce Competition Overview
- [Data Mining CVEs and Exploits](https://blog.smithsecurity.biz/data-mining-cves-and-exploits.md): BIT 3434 Research Project - Group 54
- [eCPPTv2 Certification Review](https://blog.smithsecurity.biz/ecpptv2-certification-review.md): eLearnSecurity Certified Professional Penetration Tester Review
- [Breaking GraphQL Presentation](https://blog.smithsecurity.biz/breaking-graphql-presentation.md): AvengerCON VII Presentation on Breaking GraphQL
- [Springshare LibApps Stored XSS](https://blog.smithsecurity.biz/springshare-libapps-stored-xss.md): Springshare LibApps authenticated Stored XSS in discussions.php


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on a page URL with the `ask` query parameter:
```
GET https://blog.smithsecurity.biz/readme.md?ask=<question>
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.