ad-challenge
Active Directory Journey Day Four: Rights, Privileges, GPOs and a Whole Lot More
This post digs into Group Policy, Active Directory privileges, and built-in groups. I break down who has silent power, how attackers exploit User Rights, and what defenders can do to lock it down. Expect practical cheatsheets, tools, and battle-tested hardening tips.
ad-challenge
Active Directory Journey Day Three - All about Users & Groups
This post digs into Active Directory user accounts, local vs. domain context, and why SYSTEM access is a bigger deal than you think. You’ll learn where users live, how machines act like users, and how attackers use this to map, move, and mischief.
htb
Popping Devvortex - Joomla Tricks, Template Shells & Summer Brain Fog
An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.
ad-challenge
Active Directory Protocols Unpacked: A Practical Learning Journey - Day Two
We're back for day two! The series here are going great hehe. Last time we talked a lot
forensics-challenge
Forensics Challenge Day Two - Sleuth Kit Deep Dive
On day two of my forensics challenge, I dive deep into Sleuth Kit’s layered toolset, from volumes to inodes, metadata, deleted files, timelines, and journals. I explore the core forensic workflows and decode a real ext4 image step by step.
ad-challenge
Active Directory Demystified: A Practical Learning Journey - Day One
Active Directory powers most enterprise networks, and attackers love it. This guide simplifies AD with real-world analogies and attacker-focused insights to help you learn, enumerate, and exploit it effectively.
forensics-challenge
Digital Forensics Challenge: Basics, Mounting & Analyzing Disk Images (Day 1)
In this introductory forensics lab, we explore how to mount and examine disk images using loop devices, losetup, SleuthKit tools, and file system inspection techniques. A hands-on walkthrough for raw, split, and forensic image formats like AFF and EWF.
remote-code-execution
From LFI to RCE: Exploiting File Inclusion Like a Pro
A hands-on deep dive into exploiting file inclusion vulnerabilities, from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.
digital-forensics
Carving Chaos: Building and Breaking Filesystems for Fun and Forensics
Crafted a Bash-powered forensics playground: build virtual file systems, inject payloads, carve lost files with Foremost & Scalpel — and hit every roadblock worth debugging.
local-file-inclusion
Introduction to File Inclusion
An in-depth and hands-on walkthrough on spotting and exploiting Local File Inclusion (LFI), from classic payloads to modern bypasses, straight from HTB Academy labs.
webshell
From Basic to Blessed: Uplifting Your Webshell Game
From basic payloads to protected and self-destructing shells: a hands-on journey upgrading your webshells for stealth, power, and style.
sql-injection
SQLi Hands-On: Injecting Chaos
A practical deep dive into SQL Injection in DVWA, from simple payloads to reading and writing files, fuzzing with ffuf, and scripting attacks in Burp Suite.
privilege-escalation
How to Proceed after the User Flag: My Beginner’s Priv Esc Flow
Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes: what I check, how I think, and why it still stumps me sometimes.
htb
My UnderPass Runthrough - Learnings
Cracked the UnderPass HTB box by skipping dead ends, abusing SNMP leaks, and turning mosh-server into a root shell with zero password; here is how.
shell
An Introduction to Shells: Essential Knowledge
Understand what shells really are, how they evolved, why they matter, and how different types like reverse shells and webshells work.