HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
active-directory
HackSmarter: StellarComms Writeup
Step-by-step guide for StellarComms, a medium Active Directory box on HackSmarter. We exploit DACL misconfigurations and perform advanced credential recovery.
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
HackSmarter: Welcome Writeup
A complete writeup of the HackSmarter 'Welcome' machine. Learn about Active Directory privilege escalation, PDF cracking, and ADCS certificate abuse.
adcs
HackSmarter: Welcome Writeup
A complete writeup of the HackSmarter 'Welcome' machine. Learn about Active Directory privilege escalation, PDF cracking, and ADCS certificate abuse.
ai
HTB Cyber Apocalypse 2025 - AI Challenges
Exploring the AI category in the HTB Cyber Apocalypse 2025 CTF. This write-up covers prompt injection and model manipulation challenges with step-by-step logic.
api
APISEC-CON CTF May 2025 - Writeups
Solutions for the API security challenges featured in the APISEC-CON CTF (May 2025). I cover broken object-level authorization and complex API vulnerability.
APISEC CTF 2025 - Writeup
A detailed walkthrough of the APISEC CTF 2025, featuring the 'One Request to Rule Them All' challenge. Includes a full video guide and technical methodology.
apisec
APISEC-CON CTF May 2025 - Writeups
Solutions for the API security challenges featured in the APISEC-CON CTF (May 2025). I cover broken object-level authorization and complex API vulnerability.
APISEC CTF 2025 - Writeup
A detailed walkthrough of the APISEC CTF 2025, featuring the 'One Request to Rule Them All' challenge. Includes a full video guide and technical methodology.
atlantis
HackSmarter: GitOops Writeup
A medium-difficulty HackSmarter lab where a public Gitea instance leaks a Terraform state file from a misconfigured S3 bucket, exposing an SSH private key and enabling an Atlantis RCE chain to root.
bscp
BSCP Certification: Review
Reviewing the Burp Suite Certified Practitioner (BSCP) exam. Learn the best strategies for using Burp Suite Professional to pass this rigorous web cert exam.
burpsuite
BSCP Certification: Review
Reviewing the Burp Suite Certified Practitioner (BSCP) exam. Learn the best strategies for using Burp Suite Professional to pass this rigorous web cert exam.
capenx
CAPenX Certification: Review
My comprehensive review of the SecOps Group CAPenX certification. I share my exam experience, study resources, and essential tips for passing on your first try.
cbbh
CBBH/CWES Certification: Review
A deep dive into the Hack The Box CBBH, now CWES certification. Explore my preparation strategy, exam difficulty review, and advice for aspiring web testers.
certifications
OSCP Certification: Review
My journey to earning the OSCP: How I scored 100 points in just 7 hours. This review covers my preparation, the exam environment, and crucial success tips.
BSCP Certification: Review
Reviewing the Burp Suite Certified Practitioner (BSCP) exam. Learn the best strategies for using Burp Suite Professional to pass this rigorous web cert exam.
CBBH/CWES Certification: Review
A deep dive into the Hack The Box CBBH, now CWES certification. Explore my preparation strategy, exam difficulty review, and advice for aspiring web testers.
CAPenX Certification: Review
My comprehensive review of the SecOps Group CAPenX certification. I share my exam experience, study resources, and essential tips for passing on your first try.
charcol
HTB: Imagery Writeup
Imagery is a medium-difficulty Linux box where blind XSS leads to admin access, file traversal leaks source code, command injection gains a shell, and a sudo-abused backup tool escalates to root.
codeparttwo
HTB: CodePartTwo Writeup
CodePartTwo is an easy-difficulty Linux machine featuring a vulnerable JavaScript execution sandbox that can be escaped to gain initial access, followed by weak credential recovery and privilege escalation through backup utility manipulation.
command-injection
HTB: Imagery Writeup
Imagery is a medium-difficulty Linux box where blind XSS leads to admin access, file traversal leaks source code, command injection gains a shell, and a sudo-abused backup tool escalates to root.
crushftp
HTB: Soulmate Writeup
A Linux box featuring CrushFTP exploitation, credential discovery in Erlang configuration files, and privilege escalation through an Erlang SSH daemon allowing arbitrary command execution as root.
ctf
APISEC-CON CTF May 2025 - Writeups
Solutions for the API security challenges featured in the APISEC-CON CTF (May 2025). I cover broken object-level authorization and complex API vulnerability.
b01lersc CTF 2025 - Web Writeup
Detailed write-up for two challenging web tasks from b01lersc CTF 2025. I break down the exploitation chain from discovery to obtaining the final flag easily.
HTB Cyber Apocalypse 2025 - Web Challenges
Comprehensive solutions for the Web challenges during the HTB Cyber Apocalypse 2025 CTF. Learn about modern web vulnerabilities and bypasses used in the event.
HTB Cyber Apocalypse 2025 - AI Challenges
Exploring the AI category in the HTB Cyber Apocalypse 2025 CTF. This write-up covers prompt injection and model manipulation challenges with step-by-step logic.
APISEC CTF 2025 - Writeup
A detailed walkthrough of the APISEC CTF 2025, featuring the 'One Request to Rule Them All' challenge. Includes a full video guide and technical methodology.
cve-2024-4577
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
cve-2024-5932
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
cve-2025-31161
HTB: Soulmate Writeup
A Linux box featuring CrushFTP exploitation, credential discovery in Erlang configuration files, and privilege escalation through an Erlang SSH daemon allowing arbitrary command execution as root.
cwes
CBBH/CWES Certification: Review
A deep dive into the Hack The Box CBBH, now CWES certification. Explore my preparation strategy, exam difficulty review, and advice for aspiring web testers.
dpapi
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
erlang
HTB: Soulmate Writeup
A Linux box featuring CrushFTP exploitation, credential discovery in Erlang configuration files, and privilege escalation through an Erlang SSH daemon allowing arbitrary command execution as root.
gitea
HackSmarter: GitOops Writeup
A medium-difficulty HackSmarter lab where a public Gitea instance leaks a Terraform state file from a misconfigured S3 bucket, exposing an SSH private key and enabling an Atlantis RCE chain to root.
gitoops
HackSmarter: GitOops Writeup
A medium-difficulty HackSmarter lab where a public Gitea instance leaks a Terraform state file from a misconfigured S3 bucket, exposing an SSH private key and enabling an Atlantis RCE chain to root.
giveback
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
hacksmarter
HackSmarter: GitOops Writeup
A medium-difficulty HackSmarter lab where a public Gitea instance leaks a Terraform state file from a misconfigured S3 bucket, exposing an SSH private key and enabling an Atlantis RCE chain to root.
HackSmarter: StellarComms Writeup
Step-by-step guide for StellarComms, a medium Active Directory box on HackSmarter. We exploit DACL misconfigurations and perform advanced credential recovery.
hackthebox
CBBH/CWES Certification: Review
A deep dive into the Hack The Box CBBH, now CWES certification. Explore my preparation strategy, exam difficulty review, and advice for aspiring web testers.
htb
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
HTB: Soulmate Writeup
A Linux box featuring CrushFTP exploitation, credential discovery in Erlang configuration files, and privilege escalation through an Erlang SSH daemon allowing arbitrary command execution as root.
HTB: CodePartTwo Writeup
CodePartTwo is an easy-difficulty Linux machine featuring a vulnerable JavaScript execution sandbox that can be escaped to gain initial access, followed by weak credential recovery and privilege escalation through backup utility manipulation.
HTB: Imagery Writeup
Imagery is a medium-difficulty Linux box where blind XSS leads to admin access, file traversal leaks source code, command injection gains a shell, and a sudo-abused backup tool escalates to root.
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
HTB Cyber Apocalypse 2025 - Web Challenges
Comprehensive solutions for the Web challenges during the HTB Cyber Apocalypse 2025 CTF. Learn about modern web vulnerabilities and bypasses used in the event.
HTB Cyber Apocalypse 2025 - AI Challenges
Exploring the AI category in the HTB Cyber Apocalypse 2025 CTF. This write-up covers prompt injection and model manipulation challenges with step-by-step logic.
js2py
HTB: CodePartTwo Writeup
CodePartTwo is an easy-difficulty Linux machine featuring a vulnerable JavaScript execution sandbox that can be escaped to gain initial access, followed by weak credential recovery and privilege escalation through backup utility manipulation.
kerberoasting
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
kerberos
HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
kubernetes
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
lfi
HTB: Imagery Writeup
Imagery is a medium-difficulty Linux box where blind XSS leads to admin access, file traversal leaks source code, command injection gains a shell, and a sudo-abused backup tool escalates to root.
linux
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
HTB: Soulmate Writeup
A Linux box featuring CrushFTP exploitation, credential discovery in Erlang configuration files, and privilege escalation through an Erlang SSH daemon allowing arbitrary command execution as root.
HTB: CodePartTwo Writeup
CodePartTwo is an easy-difficulty Linux machine featuring a vulnerable JavaScript execution sandbox that can be escaped to gain initial access, followed by weak credential recovery and privilege escalation through backup utility manipulation.
HTB: Imagery Writeup
Imagery is a medium-difficulty Linux box where blind XSS leads to admin access, file traversal leaks source code, command injection gains a shell, and a sudo-abused backup tool escalates to root.
mssql
HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
npbackup
HTB: CodePartTwo Writeup
CodePartTwo is an easy-difficulty Linux machine featuring a vulnerable JavaScript execution sandbox that can be escaped to gain initial access, followed by weak credential recovery and privilege escalation through backup utility manipulation.
ntds
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
ntlm-reflection
HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
ntlm-relay
HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
offsec
OSCP Certification: Review
My journey to earning the OSCP: How I scored 100 points in just 7 hours. This review covers my preparation, the exam environment, and crucial success tips.
oscp
OSCP Certification: Review
My journey to earning the OSCP: How I scored 100 points in just 7 hours. This review covers my preparation, the exam environment, and crucial success tips.
password-cracking
HackSmarter: Welcome Writeup
A complete writeup of the HackSmarter 'Welcome' machine. Learn about Active Directory privilege escalation, PDF cracking, and ADCS certificate abuse.
pentesting
OSCP Certification: Review
My journey to earning the OSCP: How I scored 100 points in just 7 hours. This review covers my preparation, the exam environment, and crucial success tips.
portswigger
BSCP Certification: Review
Reviewing the Burp Suite Certified Practitioner (BSCP) exam. Learn the best strategies for using Burp Suite Professional to pass this rigorous web cert exam.
restore-ad-object
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
review
OSCP Certification: Review
My journey to earning the OSCP: How I scored 100 points in just 7 hours. This review covers my preparation, the exam environment, and crucial success tips.
BSCP Certification: Review
Reviewing the Burp Suite Certified Practitioner (BSCP) exam. Learn the best strategies for using Burp Suite Professional to pass this rigorous web cert exam.
CBBH/CWES Certification: Review
A deep dive into the Hack The Box CBBH, now CWES certification. Explore my preparation strategy, exam difficulty review, and advice for aspiring web testers.
CAPenX Certification: Review
My comprehensive review of the SecOps Group CAPenX certification. I share my exam experience, study resources, and essential tips for passing on your first try.
runc
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
s3
HackSmarter: GitOops Writeup
A medium-difficulty HackSmarter lab where a public Gitea instance leaks a Terraform state file from a misconfigured S3 bucket, exposing an SSH private key and enabling an Atlantis RCE chain to root.
sandbox-escape
HTB: CodePartTwo Writeup
CodePartTwo is an easy-difficulty Linux machine featuring a vulnerable JavaScript execution sandbox that can be escaped to gain initial access, followed by weak credential recovery and privilege escalation through backup utility manipulation.
signed
HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
soulmate
HTB: Soulmate Writeup
A Linux box featuring CrushFTP exploitation, credential discovery in Erlang configuration files, and privilege escalation through an Erlang SSH daemon allowing arbitrary command execution as root.
terraform
HackSmarter: GitOops Writeup
A medium-difficulty HackSmarter lab where a public Gitea instance leaks a Terraform state file from a misconfigured S3 bucket, exposing an SSH private key and enabling an Atlantis RCE chain to root.
voleur
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
web
b01lersc CTF 2025 - Web Writeup
Detailed write-up for two challenging web tasks from b01lersc CTF 2025. I break down the exploitation chain from discovery to obtaining the final flag easily.
HTB Cyber Apocalypse 2025 - Web Challenges
Comprehensive solutions for the Web challenges during the HTB Cyber Apocalypse 2025 CTF. Learn about modern web vulnerabilities and bypasses used in the event.
webapp
BSCP Certification: Review
Reviewing the Burp Suite Certified Practitioner (BSCP) exam. Learn the best strategies for using Burp Suite Professional to pass this rigorous web cert exam.
CBBH/CWES Certification: Review
A deep dive into the Hack The Box CBBH, now CWES certification. Explore my preparation strategy, exam difficulty review, and advice for aspiring web testers.
CAPenX Certification: Review
My comprehensive review of the SecOps Group CAPenX certification. I share my exam experience, study resources, and essential tips for passing on your first try.
welcome
Welcome to my blog 👋
Welcome to my cybersecurity blog! Join me as I document my journey through certifications, CTFs, and lab walkthroughs while sharing technical insights daily.
whoami
Welcome to my blog 👋
Welcome to my cybersecurity blog! Join me as I document my journey through certifications, CTFs, and lab walkthroughs while sharing technical insights daily.
windows
HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
HackSmarter: StellarComms Writeup
Step-by-step guide for StellarComms, a medium Active Directory box on HackSmarter. We exploit DACL misconfigurations and perform advanced credential recovery.
writespn
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
writeup
HackSmarter: StellarComms Writeup
Step-by-step guide for StellarComms, a medium Active Directory box on HackSmarter. We exploit DACL misconfigurations and perform advanced credential recovery.
HackSmarter: Welcome Writeup
A complete writeup of the HackSmarter 'Welcome' machine. Learn about Active Directory privilege escalation, PDF cracking, and ADCS certificate abuse.
APISEC-CON CTF May 2025 - Writeups
Solutions for the API security challenges featured in the APISEC-CON CTF (May 2025). I cover broken object-level authorization and complex API vulnerability.
b01lersc CTF 2025 - Web Writeup
Detailed write-up for two challenging web tasks from b01lersc CTF 2025. I break down the exploitation chain from discovery to obtaining the final flag easily.
HTB Cyber Apocalypse 2025 - Web Challenges
Comprehensive solutions for the Web challenges during the HTB Cyber Apocalypse 2025 CTF. Learn about modern web vulnerabilities and bypasses used in the event.
HTB Cyber Apocalypse 2025 - AI Challenges
Exploring the AI category in the HTB Cyber Apocalypse 2025 CTF. This write-up covers prompt injection and model manipulation challenges with step-by-step logic.
APISEC CTF 2025 - Writeup
A detailed walkthrough of the APISEC CTF 2025, featuring the 'One Request to Rule Them All' challenge. Includes a full video guide and technical methodology.
xss
HTB: Imagery Writeup
Imagery is a medium-difficulty Linux box where blind XSS leads to admin access, file traversal leaks source code, command injection gains a shell, and a sudo-abused backup tool escalates to root.