🧠 Cybersecurity engineer in the making – blending risk, automation, and offense. Working at BASF Cyber Security Risk Management, building and breaking systems since 2023.

Featured

SQLi Hands-On: Injecting Chaos

Posted on May 16, 2025 10 mins

A practical deep dive into SQL Injection in DVWA — from simple payloads to reading and writing files, fuzzing with ffuf, and scripting attacks in Burp Suite.
Breaking Htb Underpass

Posted on May 15, 2025 11 mins

Cracked the UnderPass HTB box by skipping dead ends, abusing SNMP leaks, and turning mosh-server into a root shell with zero password — here is how.
What I Do After the User Flag — My Beginner’s Priv Esc Flow

Posted on May 13, 2025 4 mins

Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes — what I check, how I think, and why it still stumps me sometimes.
Introduction to Shells — essential knowledge

Posted on Apr 29, 2025 8 mins

Understand what shells really are, how they evolved, why they matter, and how different types like reverse shells and webshells work.

Featured

SQLi Hands-On: Injecting Chaos

Breaking Htb Underpass

What I Do After the User Flag — My Beginner’s Priv Esc Flow

Introduction to Shells — essential knowledge