Recent Posts
PortSwigger Lab: Blind SQL Injection with Conditional Responses
A writeup for PortSwigger’s Blind SQL Injection with Conditional Responses lab, covering boolean-based testing, administrator password …
Hack The Box - Forest Writeup
A writeup for HTB Forest, covering Active Directory enumeration, anonymous LDAP and RPC enumeration, AS-REP roasting, BloodHound analysis, ACL abuse, …
OffSec Proving Grounds Practice - Resourced Writeup
A writeup for the Resourced lab, covering SMB enumeration, credential discovery, NTDS dumping, WinRM access, BloodHound analysis, and Resource-Based …
OffSec Proving Grounds Practice - Jacko Writeup
A writeup for the Jacko lab, covering H2 Database exploitation through JNI, reverse shell access, Windows enumeration, and privilege escalation using …
OffSec Proving Grounds Practice - Internal Writeup
A writeup for the Internal lab, covering SMB enumeration, MS09-050 vulnerability research, exploit testing, and exploitation using Metasploit.
CTF Challenge - Chortle Writeup
A writeup for a CTF Challenge, covering hidden data extraction, ZIP cracking, web enumeration, API signature forgery, SQLite database analysis, and …
OffSec Proving Grounds Practice - Hutch Writeup
This is my writeup for Hutch, a Windows Active Directory machine from OffSec Proving Grounds Practice. …
Cookie Crumbles Notes: Cookies Need Integrity, Not Just Confidentiality
My notes and reflections on the USENIX Security 2023 paper Cookie Crumbles, focusing on cookie integrity, SameSite limitations, session fixation, and …
OffSec Proving Grounds Practice - AuthBy Writeup
This is my writeup for AuthBy, a Windows machine from OffSec Proving Grounds Practice. I found this …