When working on Capture the Flag (CTF) labs or penetration tests (on LINUX), it is essential to gather information about the target system and look for privilege-escalation opportunities. The follo...

Manage is a Linux-based Vulnlab machine featuring Tomcat and Java RMI services, leading to remote code execution, SSH key retrieval with MFA bypass, and privilege escalation via a misconfigured sud...

I am proud to announce that I have successfully obtained the Certified Web Exploitation Specialist (CWES) certificate from Hack The Box, validating my practical skills in web exploitation and cyber...

Down is a Linux box : bypass a cURL whitelist with two URLs, exploit an index.php parameter to spawn a www-data shell via netcat, then find the 'pswm' master password to decrypt the vault and escal...

Retro2 is an easy Active Directory box from Vulnlab that involves decrypting an MS Access database, Pre-Created Computer Accounts, GenericWrite, AddMember and finally exploiting an RpcEptMapper Reg...

I am proud to announce that I have successfully obtained the eLearnSecurity Junior Penetration Tester (eJPT) certificate.

Step-by-step technical writeup of a stack buffer overflow lab, including vulnerability analysis with Ghidra, debugging with GDB, shellcode crafting, and successful exploitation.

I am proud to announce that I have successfully obtained the Certified Associate Penetration Tester (CAPT) certificate, validating my practical skills in penetration testing and cybersecurity

A comprehensive guide on detecting Windows Active Directory attacks, lateral movements, Pass-the-Hash, Kerberoasting, Golden/Silver Tickets, Responder attacks, and other threats using Splunk and Ze...

Puppy is an easy Windows machine on HTB. Initial access is obtained by abusing weak credentials in an exposed service. User enumeration reveals credentials for a low-privileged account. Privilege e...