PortSwigger Lab: Blind SQL Injection with Conditional Responses

A writeup for PortSwigger’s Blind SQL Injection with Conditional Responses lab, covering boolean-based testing, administrator password extraction, Burp Intruder, Cluster Bomb, grep match, and binary search logic.

June 5, 2026 · 6 min · Max Tse

Hack The Box - Forest Writeup

A writeup for HTB Forest, covering Active Directory enumeration, anonymous LDAP and RPC enumeration, AS-REP roasting, BloodHound analysis, ACL abuse, DCSync, and domain compromise.

June 1, 2026 · 7 min · Max Tse

OffSec Proving Grounds Practice - Resourced Writeup

A writeup for the Resourced lab, covering SMB enumeration, credential discovery, NTDS dumping, WinRM access, BloodHound analysis, and Resource-Based Constrained Delegation.

May 31, 2026 · 6 min · Max Tse

OffSec Proving Grounds Practice - Jacko Writeup

A writeup for the Jacko lab, covering H2 Database exploitation through JNI, reverse shell access, Windows enumeration, and privilege escalation using SeImpersonatePrivilege.

May 27, 2026 · 6 min · Max Tse

OffSec Proving Grounds Practice - Internal Writeup

A writeup for the Internal lab, covering SMB enumeration, MS09-050 vulnerability research, exploit testing, and exploitation using Metasploit.

May 25, 2026 · 6 min · Max Tse

CTF Challenge - Chortle Writeup

A writeup for a CTF Challenge, covering hidden data extraction, ZIP cracking, web enumeration, API signature forgery, SQLite database analysis, and file read abuse.

May 24, 2026 · 6 min · Max Tse

OffSec Proving Grounds Practice - Hutch Writeup

This is my writeup for Hutch, a Windows Active Directory machine from OffSec Proving Grounds Practice. Compared with my previous AuthBy writeup, this lab was more focused on Active Directory enumeration and privilege escalation. The most important lesson was that a domain compromise does not always start with an exploit. In this case, the attack path came from careful LDAP enumeration, credential discovery, BloodHound analysis, and abuse of LAPS read permissions. ...

May 23, 2026 · 10 min · Max Tse

OffSec Proving Grounds Practice - AuthBy Writeup

This is my writeup for AuthBy, a Windows machine from OffSec Proving Grounds Practice. I found this machine quite useful because the attack path was not just about scanning and running a public exploit. The chain started from FTP enumeration, moved into credential discovery, then web access, initial foothold through a PHP reverse shell, and finally Windows privilege escalation. The overall attack path was: ...

May 19, 2026 · 9 min · Max Tse