ctf
Securing Silver: My 2nd Place Win at CYBERSECURITY CONFERENCE 2025 CTF in Mannheim
My first comprehensive CTF experience at the CYBERSECURITY CONFERENCE 2025 in Mannheim, where my colleague and I secured 2nd place! We dive into the learning, the race, and essential tips on how to truly prepare (and thrive) in a 24-hour CTF challenge.
artificial-intelligence
Statistical Dreams: The Intimate History of AI
From ancient automatons to the Transformer age, this is the story of how we taught machines to think. We'll dive into breakthroughs like the Perceptron, Backpropagation, and Attention, taking a critical look at AI's origins, its dangers, and where it's headed next.
insecure-deserialization
Python Deserialization Attacks Explained: How Hackers Exploit Pickle (and How to Defend)
Learn how Python deserialization attacks work, see a real Pickle exploit in action, and discover best practices to secure your code against remote code execution vulnerabilities.
htb
Breaking in before the VPN broke down - A Journey through Precious (HTB Writeup)
A full walkthrough of the Hack The Box machine "Precious"; from enumeration to exploitation, including a clever pdfkit command injection and Ruby YAML deserialization for root. With shell stabilisation and some VPN drama on the side.
htb
HTB Reset: From Log Poisoning to Root. Exploiting Tmux, Rexec and Misconfigured Sudo
A deep-dive into escalating from LFI to full root via log poisoning, named pipe reverse shell, misconfigured sudo permissions, and forgotten tmux sessions. Includes analysis of R-services (rexec, rlogin, rsh) and real-world command chaining.
regex
An Intro to Regex: The Hacker’s Guide to Pattern Matching
A hands-on, security-minded introduction to regular expressions - from simple matches to character classes, quantifiers, and real-world examples. Learn to wield regex like a precision tool for parsing, filtering, and hacking.
wargames
What I Learned from Bandit Wargames - Level 0-12 (And Why You Should Try It)
Learn practical Linux skills and command-line thinking through the first 12 levels of OverTheWire's Bandit wargame. Sharing lessons, strategies, and powerful command-line tools without spoiling solutions; perfect for aspiring ethical hackers, CTF players, and curious beginners.
exam-prep
A Small Prep Session: PortSwigger Beginner Labs
A short and focused session working through some beginner-level labs from PortSwigger, revisiting the fundamentals of web vulnerabilities like XSS, SQLi, and authentication bypasses.
exam-prep
Uni Exam Practice VM practice: more of LFI2RCE
In this university exam practice VM, I explored file upload handling, discovered a separate file inclusion point, and chained it with an uploaded webshell to gain remote command execution.
exam-prep
Test Exam: Penetration Testing Playbook 01
My personal playbook for my penetration testing test exam, covering all key steps from access via port forwarding to grabbing ALL 8 flags.
interview-prep
Interview Prep Series: Part Two – Technical Deep Dive & Groundwork
Digging into technical fundamentals and real interview questions to sharpen my baseline as a pentester. Inspired by Steflan Security’s interview cheat sheet & my 2nd Cirosec Interview
interview-prep
Interview Prep Series: Part One – Core Concepts & Confidence
Kicking off my interview prep journey with key phases of pentests, handling tricky questions, and building confidence under pressure.
carving
Forensics Challenge Day Three: Carving & Imaging
We dive into forensic imaging, the art of carving, and tools like dd, Foremost, and Scalpel;'essential skills for data recovery and deleted file analysis.
ad-challenge
The Final Part: Active Directory Journay Day Five: Building, Securing, and Managing a Domain
Day Five covers key AD admin tasks - user and group creation, GPO management, and domain joins; using PowerShell with a security-focused approach.
ad-challenge
Active Directory Journey Day Four: Rights, Privileges, GPOs and a Whole Lot More
This post digs into Group Policy, Active Directory privileges, and built-in groups. I break down who has silent power, how attackers exploit User Rights, and what defenders can do to lock it down. Expect practical cheatsheets, tools, and battle-tested hardening tips.
ad-challenge
Active Directory Journey Day Three - All about Users & Groups
This post digs into Active Directory user accounts, local vs. domain context, and why SYSTEM access is a bigger deal than you think. You’ll learn where users live, how machines act like users, and how attackers use this to map, move, and mischief.
htb
Popping Devvortex - Joomla Tricks, Template Shells & Summer Brain Fog
An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.
ad-challenge
Active Directory Protocols Unpacked: A Practical Learning Journey - Day Two
We're back for day two! The series here are going great hehe. Last time we talked a lot
