Your Router Is My Router — TL/DR: The Wavlink WL-WN531P3 router exposes an API endpoint susceptible to command injection. This API endpoint is reachable without an authentication header, meaning the vulnerability can be exploited by an unauthenticated attacker. Furthermore, the router has no CSRF protection, thus RCE can be achieved without connecting to the local network. Vulnerability Description and Discovery:

How I Became A Professional Hacker For Fun And Profit — There is an argument online I stumble across regularly about the effectiveness of challenge sites and CTFs when it comes to their real-world application. While I cannot speak for everyone’s experience, I wanted to write a post detailing how working with these practice challenges landed me my first job in…