Hacking Articles

HTB DevArea Complete Writeup - CVE-2022-46364 Apache CXF LFI & HoverFly RCE

Mon, 30 Mar 2026 00:00:00 GMT

DevArea is a Medium-difficulty HackTheBox machine from Season 10 featuring an internal developer platform exposed across multiple services. The exploitation chain begins with anonymous FTP access to a leaked JAR file, which reveals an Apache CXF SOAP service vulnerable to a critical XOP/MTOM Local File Inclusion (CVE-2022-46364 / CVE-2022-46363). Reading the HoverFly systemd service file leaks admin credentials, which are used to authenticate against the HoverFly Admin API and obtain a JWT token. From there, a malicious middleware payload injected via the /api/v2/hoverfly/middleware endpoint delivers a reverse shell as dev_ryan. Privilege escalation to root exploits a world-writable /bin/bash binary combined with a sudo-permitted script to plant a root-owned SUID shell. This writeup provides a complete step-by-step walkthrough with detailed technical analysis of each exploitation stage.

HTB Kobold Complete Writeup — CVE-2026-23744 MCP Inspector RCE & Docker Escape

Mon, 30 Mar 2026 00:00:00 GMT

Kobold is an Easy-difficulty HackTheBox machine from Season 10 built around modern AI tooling infrastructure. The attack chain begins with subdomain enumeration uncovering an MCPJam Inspector instance vulnerable to CVE-2026-23744 — a critical unauthenticated RCE in the /api/mcp/connect endpoint that allows arbitrary command execution via a crafted serverConfig payload. This delivers a reverse shell as the user ben. Privilege escalation exploits an implicit Docker group membership accessible via newgrp docker, which is leveraged to mount the host filesystem inside a root-running MySQL container and read the root flag directly — a textbook Docker socket escape. This writeup provides a complete step-by-step walkthrough with beginner-friendly explanations of each technique.

The Hacker's Guide to Not Burning Out: Mental Health in Cybersecurity

Fri, 27 Mar 2026 00:00:00 GMT

Burnout is endemic in cybersecurity. 84% of professionals report experiencing it, 50% expect to burn out within 12 months, and job satisfaction is at an all-time low. This honest, research-backed guide covers the real causes of hacker burnout, how to recognize it before it wrecks you, and actionable strategies that actually work - from a community that's finally starting to talk about it openly.

50 Hacker Jokes So Bad They're Actually Good (Guaranteed to Make Your Teammates Groan)

Fri, 27 Mar 2026 00:00:00 GMT

Sometimes you just need to laugh. 50 carefully curated hacker, CTF, pentesting, and infosec jokes - ranging from clean puns to certified groan-worthy dad jokes. Organized by category for maximum damage. Share with your team. Lose friends. Worth it.

Vibe Hacking Explained: How AI Is Letting Complete Beginners Launch Real Attacks

Thu, 26 Mar 2026 00:00:00 GMT

Vibe hacking is the dark twin of vibe coding - using AI tools to launch cyberattacks without needing to understand how they work. With verified real-world incidents including a Moltbook breach exposing 1.5 million tokens and Claude AI being used to run full extortion campaigns, this deep-dive covers exactly what vibe hacking is, how it works, and how defenders need to adapt in 2026.

litellm Supply Chain Attack (March 2026): How TeamPCP Backdoored a PyPI Package Used by Millions

Thu, 26 Mar 2026 00:00:00 GMT

On March 24, 2026, threat actor TeamPCP published two backdoored versions of litellm to PyPI, affecting developers who installed v1.82.7 or v1.82.8 during a 3-hour window. This is a verified, technical breakdown of exactly how the attack happened, what the malware did, how to check if you're affected, and what it means for supply chain security going forward.

SQL Injection Is Not Dead: Modern SQLi Techniques That Still Work in 2026

Thu, 26 Mar 2026 00:00:00 GMT

SQL injection has been 'dead' for over a decade - and it keeps not dying. This practical 2026 guide covers why SQLi persists, the modern techniques that bypass modern defenses, real CVEs that prove it still works against production applications, tool-based and manual methodology, and WAF evasion approaches used in current bug bounty and penetration testing work.

AI-Powered OSINT in 2026: How Machine Learning Is Changing the Way We Investigate

Wed, 25 Mar 2026 00:00:00 GMT

AI and machine learning have transformed open-source intelligence from a slow, manual discipline into a real-time, automated powerhouse. This deep-dive covers the tools, real scenarios, techniques, and ethical lines every OSINT investigator must understand in 2026.

One Username, Entire Identity: How OSINT Investigators Build Full Profiles From Almost Nothing

Wed, 25 Mar 2026 00:00:00 GMT

Most people use the same username everywhere. That single habit is an OSINT investigator's greatest gift. This step-by-step guide walks through the complete methodology for building a full identity profile from a single username — using free tools, real scenarios, and techniques used by law enforcement, journalists, and security researchers in 2026.

AI is Now Your Biggest Enemy in CTFs - Here's How to Fight Back

Tue, 24 Mar 2026 00:00:00 GMT

AI agents are solving CTF challenges faster than human experts in 2026. This opinion piece breaks down what that means for your skills, your career, and how to stay relevant as a hacker in the age of agentic AI.

From Zero to Root: A Beginner's Complete Guide to Solving HTB Easy Machines in 2026

Tue, 24 Mar 2026 00:00:00 GMT

New to Hack The Box? This complete 2026 beginner's guide walks you through every step — from setting up your VPN to rooting your first Easy machine. Tools, methodology, tips, and real examples inside.

How to Write a CTF Writeup That Gets 10,000 Views (SEO + Structure Guide)

Tue, 24 Mar 2026 00:00:00 GMT

Want your CTF writeup to actually get read? This complete guide covers SEO, structure, storytelling, images, and the #1 reason most writeups get zero traffic — and how to fix it.

HTB VariaType Complete Writeup — CVE-2025-66034 & Font Exploitation

Sun, 15 Mar 2026 00:00:00 GMT

VariaType is a cutting-edge HackTheBox machine from Season 10 featuring a web-based variable font generator. The exploitation chain involves chaining three critical vulnerabilities—fontTools CVE-2025-66034 for initial webshell creation, FontForge CVE-2024-25081 for lateral privilege escalation to the steve user, and a setuptools PackageIndex path traversal vulnerability for root access. This writeup provides complete step-by-step instructions with detailed technical analysis of each exploit mechanism.

CCTV HackTheBox Writeup — Season 10 Linux Machine Walkthrough

Sun, 08 Mar 2026 00:00:00 GMT

A comprehensive walkthrough of the CCTV machine from HackTheBox Season 10. This Medium-difficulty Linux machine writeup covers ZoneMinder default credentials, exploiting CVE-2024-51482 SQL injection to extract and crack bcrypt hashes, leveraging a tcpdump Linux capability to sniff plaintext credentials from Docker network traffic, SSH port forwarding to expose an internal MotionEye instance, and achieving root via CVE-2025-60787 remote code execution using Metasploit. A must-read for penetration testers tackling multi-step Linux exploitation chains.

Pirate HackTheBox Writeup — Complete Season 10 Machine Walkthrough

Wed, 04 Mar 2026 00:00:00 GMT

A comprehensive walkthrough of the Pirate machine from HackTheBox Season 10. This Hard-difficulty Windows machine writeup covers initial access with provided credentials, Active Directory enumeration, lateral movement strategies, privilege escalation techniques, and achieving SYSTEM access. Learn how to compromise this challenging HTB Windows machine with detailed methodology, practical command examples, and SEO-optimized content for cybersecurity professionals.

Interpretor HackTheBox Writeup — Complete Machine Walkthrough

Mon, 23 Feb 2026 00:00:00 GMT

A comprehensive walkthrough of the Interpretor machine from HackTheBox. This writeup covers reconnaissance, enumeration techniques, initial foothold exploitation, lateral movement strategies, and privilege escalation to root. Learn how to compromise this challenging HTB machine with detailed methodology and practical command examples.

BITSCTF 2026 Writeup — Jetpack Drift & Radio Telescope

Sun, 22 Feb 2026 00:00:00 GMT

Full BITSCTF 2026 writeup covering the Jetpack Drift and Radio Telescope challenges. Includes PCAP triage with tshark, AES-CTR rolling-key decryption, hash chain reconstruction, ICO/PNG extraction, OCR flag reading, and signal anomaly detection — with complete Python exploit scripts and step-by-step methodology for competitive CTF players.

FrameOS: Effortless Screenshot Framing for Developers and Designers

Sat, 21 Feb 2026 00:00:00 GMT

FrameOS is a free, browser-based tool that transforms raw screenshots into polished, professional mockups using modern OS frames. It features batch processing, exact App Store dimensions, and entirely client-side execution to ensure your images remain secure and private.

Digital Hearts: Navigating Romance in the Age of AI and Algorithms

Thu, 19 Feb 2026 00:00:00 GMT

Explore the evolving landscape of modern love, from the complexities of dating apps to the rise of AI companions. Discover real-life stories, psychological impacts, and future trends in digital intimacy

0xFUN CTF 2026: Global Jeopardy-Style Cybersecurity Challenge

Sun, 15 Feb 2026 00:00:00 GMT

0xFUN CTF 2026 is a 48-hour online Capture The Flag competition that pits teams and individual players against a series of mixed-difficulty cybersecurity challenges across web exploitation, reverse engineering, cryptography, forensics, OSINT and more. Built to be both approachable for beginners and deep enough to challenge intermediate competitors, this event emphasizes hands-on learning, creative problem-solving, and practical exploitation techniques in a high-pressure, competitive format that mirrors real offensive security work.

WingData HackTheBox Walkthrough – Season 10 Full Exploit & Root Guide

Sun, 15 Feb 2026 00:00:00 GMT

WingData is a HackTheBox Season 10 machine that challenges players with realistic enumeration, service exploitation, and privilege escalation techniques. This walkthrough breaks down the full attack chain from initial reconnaissance to root, with clear commands and practical reasoning for each step.

Hack The Box Sorcery Writeup (Season 8) – Complete Walkthrough | Insane Linux Machine

Thu, 12 Feb 2026 00:00:00 GMT

Sorcery is a Medium difficulty Linux machine from Hack The Box Season 8 that focuses on web application exploitation, misconfigurations, and privilege escalation techniques. In this walkthrough, we perform full reconnaissance, identify the attack surface, exploit vulnerabilities to gain initial access, and escalate privileges to root. This guide breaks down every phase of the attack chain with practical methodology and command examples, making it ideal for penetration testers, red teamers, and HTB players preparing for real-world scenarios.

Pterodactyl Hack The Box Write-Up-Medium Linux Machine Walkthrough

Mon, 09 Feb 2026 00:00:00 GMT

This write-up covers the full compromise of the Pterodactyl machine from Hack The Box, a Medium-difficulty Linux challenge. It walks through initial reconnaissance, service enumeration, vulnerability discovery, exploitation paths, and the privilege escalation techniques required to achieve root access. Ideal for penetration testers and CTF players looking to sharpen real-world Linux exploitation skills and structured attack methodology.

Facts Hack The Box Writeup-Sudo Privilege Escalation via Facter (Linux)

Sun, 01 Feb 2026 00:00:00 GMT

In this walkthrough of the Facts machine from Hack The Box, we exploit a misconfigured sudo rule allowing the execution of Facter as root. By abusing Facter's --custom-dir option, we load a malicious Ruby fact file that executes with UID 0. Instead of spawning an unstable shell, we apply the SetUID bit to /bin/bash, gaining a persistent root shell via bash -p. This writeup covers enumeration, attack reasoning, exploitation mechanics, and a clean privilege escalation path to root.

Conversor Hack The Box Writeup & Walkthrough (XSLT Injection, Linux PrivEsc)

Fri, 30 Jan 2026 00:00:00 GMT

Step-by-step Conversor Hack The Box walkthrough covering XSLT injection, remote code execution, reverse shell via cron jobs, SQLite credential extraction, SSH access, and Linux privilege escalation using CVE-2024-48990 (needrestart). Ideal for penetration testers, red teamers, and CTF players seeking real-world Linux exploitation techniques.

Signed Hack The Box Writeup & Walkthrough (Windows, AD CS, Certificate Abuse)

Fri, 30 Jan 2026 00:00:00 GMT

Step-by-step Signed Hack The Box walkthrough covering Windows enumeration, Active Directory Certificate Services (AD CS) abuse, certificate-based authentication attacks, lateral movement, and privilege escalation to SYSTEM. Ideal for penetration testers, red teamers, and CTF players focusing on modern Active Directory attack paths.

NICC 2026 CTF - Namibia International Cybersecurity Conference Write-Up

Thu, 29 Jan 2026 00:00:00 GMT

This write-up documents my full solution path for the NICC CTF 2026, covering all challenge categories including OSINT, Web, Reverse Engineering, PWN, and Industrial Control Systems (ICS). Rather than focusing only on final answers, this write-up emphasizes methodology, attacker mindset, and real-world exploitation logic -from open-source intelligence gathering and web vulnerability chaining to low-level binary analysis and Modbus/TCP memory disclosure in simulated industrial environments.

Hercules HackTheBox Writeup & Walkthrough (Active Directory, Windows, PrivEsc)

Sun, 25 Jan 2026 00:00:00 GMT

Step-by-step Hercules HackTheBox walkthrough for 2026. Learn enumeration, Windows and Active Directory exploitation, privilege escalation, and CTF skills. Ideal for penetration testers, red teamers, and cybersecurity enthusiasts seeking real-world attack paths and solutions.

HTB Fries-complete Writeup

Mon, 19 Jan 2026 00:00:00 GMT

Fries is a full enterprise-style attack chain where a leaked pgAdmin credential leads to Docker RCE, NFS loot, LDAP credential capture, and finally AD CS (ESC6 + ESC16) abuse to forge an Administrator certificate. It's a complete pivot-through-every-layer machine ending in total domain compromise.

SWIMMER CTF OSINT Writeup: Advanced Image Forensics, AI Decoy Detection, and Real-World Attributionon open source intelligence.

Sat, 17 Jan 2026 00:00:00 GMT

This writeup presents a comprehensive solution to the SWIMMER OSINT CTF, covering multiple challenges involving image verification,social media osint, AI-generated decoy detection, metadata analysis, geolocation, and attribution. The investigation demonstrates how modern OSINT challenges intentionally exploit overreliance on EXIF data and visual assumptions by embedding AIGC fingerprints and misleading context. By combining automated metadata extraction, AI provenance detection, reverse image search, and human-centric reasoning, the correct signals were isolated and verified. This case study highlights practical OSINT techniques required to operate effectively in an era of synthetic media and increasingly deceptive open-source artifacts.

China Osint-Hacktoria-The Hangzhou Pivot: A Multi-Vector OSINT Reconstruction of a T00ls Operative

Thu, 15 Jan 2026 00:00:00 GMT

This investigation documents the systematic de-anonymization of a target initially identified through a legacy security blog. By leveraging identifier reuse across the Chinese internet, the research pivots from a QQ-based email to a comprehensive behavioral profile on Baidu Zhidao. The investigation further utilizes specialized infrastructure mirrors to correlate QQ IDs with mobile numbers and Weibo UIDs, ultimately achieving a three-point geographic convergence in Hangzhou, Zhejiang. The report concludes with an analysis of the target's professional background in IT and the identification of modern blockchain-based access mechanisms within the t00ls community.

Breaking News -bellingcat osint challenge

Wed, 14 Jan 2026 00:00:00 GMT

This OSINT challenge tasks participants with identifying why a specific street made international news in 2025. Using visual clues from Google Street View, solvers must geolocate the exact spot and connect it to a real-world event that triggered widespread public attention. The final step requires correlating that location with a contemporaneous news article published by Al Jazeera, specifically extracting the last two words of the article’s title that featured a header image taken from the same vantage point. The challenge tests geolocation accuracy, temporal awareness, and the ability to cross-reference imagery with credible media reporting — core OSINT skills under real-world constraints.

Climate Question-Bellingcat Open Source Challenge 3

Wed, 14 Jan 2026 00:00:00 GMT

This challenge centers on contextual OSINT within a high-profile international event. Participants are presented with an image from a session at United Nations Climate Change Conference (COP30), held in Belém, and tasked with determining which session it depicts. The investigation requires mapping the visual details of the session—such as panel composition, branding, and staging—to official COP30 schedules and recordings. The final step involves identifying the first audience member to ask a question and extracting their first name, emphasizing careful review of session footage, attention to sequence, and disciplined source verification rather than assumption or guesswork.

Lost in Translation-bellingcat osint challenge2

Wed, 14 Jan 2026 00:00:00 GMT

This challenge focuses on audio-based OSINT, requiring participants to determine the city where an unidentified recording was made. With limited context and language barriers obscuring meaning, solvers must rely on indirect indicators such as accent, background noise, linguistic structure, and regional audio characteristics. By correlating these signals with known geographic and cultural markers, the investigation leads to the city. The puzzle emphasizes a critical OSINT reality — understanding what is being said is often less important than understanding where and why it was recorded.

The Naughty List: HavocSec's 2026 Cybersecurity Predictions (A Developer's Survival Guide)

Mon, 22 Dec 2025 00:00:00 GMT

Quantum Security, Zero Trust Architecture, Developer Security, Code Security, Hacking Trends, HavocSec

NahamCon Winter CTF

Fri, 19 Dec 2025 00:00:00 GMT

NAHAMCON Winter CTF 2025 kicked off on December 17th at 12:00 PM Pacific Time, bringing together the global security community for a fast-paced, high-signal Capture The Flag competition. With a strong focus on real-world offensive and defensive security skills, the event challenged participants across multiple domains while rewarding precision, speed, and depth of understanding. The competition featured a $2,000+ prize pool, including rewards for the top three teams and a bonus for the first team to complete The Mission, backed by industry sponsors such as Flare Academy, Project-Discovery, YesWeHack, Gray Swan, Snyk, and HackingHub.

The Silent Spy: How Malicious Browser Extensions Are Harvesting Your AI Chats and Stealing Credentials.

Wed, 17 Dec 2025 00:00:00 GMT

Browser 'privacy' extensions have eye on your AI, log all your chats More than 8 million people have installed extensions that eavesdrop on chatbot interactions

niteCTF 2025 writeup

Mon, 15 Dec 2025 00:00:00 GMT

The following is an osint walkthrough i had an honour to do.

NexHunt CTF-2025

Mon, 15 Dec 2025 00:00:00 GMT

Blockchain/Web3/SmartContracts Challenges i managed to solve in this in this ctf.

Tech LOLs: A Byte of Humor for Your Inner Geek

Tue, 09 Dec 2025 00:00:00 GMT

Dive into the lighter side of technology with our curated collection of hilarious tech memes, jokes, and GIFs. From the daily struggles of programmers to the absurdities of cybersecurity, this blog post is your go-to source for a much-needed laugh. Whether you're a seasoned developer or just a tech enthusiast, you'll find something to chuckle at in our roundup of the best tech humor on the internet.

P3rf3ctr00t CTF 2025-WRITEUP

Mon, 08 Dec 2025 00:00:00 GMT

In this writeup I walk you through my journey during P3rf3ctr00t CTF 2025 — a 48-hour capture-the-flag marathon organized by p3rf3ctr00t. I break down each challenge I solved: the approach, the mistakes, the wins, and the lessons learned. Whether you’re a first-time CTFer or a seasoned hacker, this writeup aims to give you insight into the problem-solving mindset, the tools, and the strategies that turned chaos into flags.

GlacierCTF Writeup

Sat, 06 Dec 2025 00:00:00 GMT

A series of questions i happened to solve in this ctf ,enjoy

HackTheBox Gavel Walkthrough (Linux – Medium)

Sun, 30 Nov 2025 00:00:00 GMT

This HackTheBox Gavel writeup provides a full walkthrough for the Linux Medium machine from Season 9. it covers the entire exploitation chain, including enumeration, misconfiguration discovery, service abuse, gaining an initial foothold, and achieving root through privilege escalation. This guide is designed for learners who want a clear, realistic, attacker-focused approach to solving HTB gavel machine and improving their penetration testing skills.

Eighteen — HTB S9 machine Writeup

Sat, 29 Nov 2025 00:00:00 GMT

From low MSSQL creds to DA via impersonation, web hash crack, and WinRM. Abuse Bad Successor (dMSA) on Server 2025 to dump NTDS and take Administrator.

The Hidden Risk in Modern Tech: Why Centralizing Everything in One Provider Is a Security Calamity Waiting to Happen

Sat, 22 Nov 2025 00:00:00 GMT

Modern infrastructure looks powerful, but it’s increasingly fragile. When companies centralize everything under a single provider, a single outage can cascade across entire ecosystems — from authentication failures to global service blackouts. Using major AWS, Azure, and Cloudflare outages as evidence, this post breaks down why centralization is a hidden architectural risk and explains how to design systems that remain resilient even when your cloud provider collapses.

How I Levelled Up My Pentesting Workflow by Automating the Boring Stuff

Fri, 21 Nov 2025 00:00:00 GMT

Most pentesters hit a ceiling without realizing it - too much manual recon, too many repeated steps, and too little time spent actually exploiting. I break down how I automated my workflow, removed friction, and built a system that lets me operate faster, smarter, and with fewer mistakes — in real engagements and CTFs.

HTB NanoCorp

Tue, 11 Nov 2025 00:00:00 GMT

A full walkthrough of HTB NanoCorp, covering Windows exploitation, Active Directory abuse, NTLM relay, and privilege escalation techniques.

HTB CodePartTwo Walkthrough

Wed, 29 Oct 2025 00:00:00 GMT

A full walkthrough and exploitation guide for the HTB CodePartTwo machine, covering enumeration, vulnerability analysis, exploitation, and privilege escalation.

Guardian HTB

Tue, 28 Oct 2025 00:00:00 GMT

A step-by-step penetration testing walkthrough of the Guardian machine on HackTheBox.

ProtoVault Breach

Thu, 23 Oct 2025 00:00:00 GMT

A walkthrough of an Offensive Security challenge analyzing a database leak and S3 exposure, including investigation steps and solutions.

QnQSec CTF 2025 Writeup

Tue, 21 Oct 2025 00:00:00 GMT

A comprehensive writeup of the OSINT challenges faced during the QnQSec CTF 2025.

DarkZero HTB

Tue, 07 Oct 2025 00:00:00 GMT

A detailed walkthrough of the HackTheBox DarkZero machine including initial enumeration, database exploitation, and privilege escalation to domain admin.

K17 CTF Writeup

Sun, 21 Sep 2025 00:00:00 GMT

A Capture The Flag event by the UNSW Security Society. There are challenges in Web, Pwn, Misc, Crypto, Rev, and an additional Beginner category. The event is beginner-friendly, but with a wide range of challenge difficulties.

HackTheBox Expressway

Sun, 21 Sep 2025 00:00:00 GMT

A detailed walkthrough of the HackTheBox Expressway machine including initial enumeration, foothold, and privilege escalation.

The Good Side of Open Source: Why It Matters to You

Tue, 26 Aug 2025 00:00:00 GMT

Open source software is more than just a coding philosophy; it's a movement that empowers individuals and fosters innovation. Discover how it impacts your life and the tech you use every day.

scriptCTF Writeup

Mon, 18 Aug 2025 00:00:00 GMT

* This game was developed, hosted and released by ScriptSorcerers !!*

Level Up Your Learning: How to Master Anything (Even if You're Starting from Scratch!)

Fri, 15 Aug 2025 00:00:00 GMT

In a world where knowledge is power, learning how to learn is your ultimate superpower. This guide will take you through the essential steps to become a self-taught expert in any field.

The Dark Side of Open Source: When Community Projects Go Rogue

Wed, 25 Jun 2025 00:00:00 GMT

Open source software is built by communities and shared freely, but it can also have its dark side. This article explores the risks of malicious code, abandoned projects, and supply chain attacks, while offering tips on how to stay safe in the open-source world.

Your Brain on Memes: The Science Behind Why We Love Internet Humor

Wed, 25 Jun 2025 00:00:00 GMT

Ever found yourself scrolling through your phone, suddenly bursting into laughter at a picture with some text on it? You know, a meme! From grumpy

GPN KITCTF 2025 - CTF Writeup

Sun, 22 Jun 2025 00:00:00 GMT

* This game was developed, hosted and released by KITCTF !!*

The 'Elite' Hacker Wannabes:Social Media Pressure

Tue, 17 Jun 2025 00:00:00 GMT

A humorous take on the social media pressure faced by aspiring hackers, exploring the phenomenon of self-proclaimed 'elite' hackers and the unrealistic expectations they set for beginners in the cybersecurity field.

Security Club of Kimathi CTF

Mon, 16 Jun 2025 00:00:00 GMT

* cool and juicy!!*

My thoughts on being an Hacker

Wed, 11 Jun 2025 00:00:00 GMT

Whats Really Hacking and who Is Really A Hacker.

CYBERGAME-2025 {MALWARE-ANALYSIS & REVERSE-ENG'}

Wed, 11 Jun 2025 00:00:00 GMT