Penetration-Testing

An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.

From Kerberos to NTLM and LDAP to DNS, this deep-dive unpacks the core Active Directory protocols attackers love — and defenders must understand. With analogies, examples, and red team insights, this is your protocol playbook.

Active Directory powers most enterprise networks — and attackers love it. This guide simplifies AD with real-world analogies and attacker-focused insights to help you learn, enumerate, and exploit it effectively.

A hands-on deep dive into exploiting file inclusion vulnerabilities — from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.

An in-depth and hands-on walkthrough on spotting and exploiting Local File Inclusion (LFI) — from classic payloads to modern bypasses, straight from HTB Academy labs.

From basic payloads to protected and self-destructing shells — a hands-on journey upgrading your webshells for stealth, power, and style.

A practical deep dive into SQL Injection in DVWA — from simple payloads to reading and writing files, fuzzing with ffuf, and scripting attacks in Burp Suite.

Cracked the UnderPass HTB box by skipping dead ends, abusing SNMP leaks, and turning mosh-server into a root shell with zero password — here is how.

Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes — what I check, how I think, and why it still stumps me sometimes.

Understand what shells really are, how they evolved, why they matter, and how different types like reverse shells and webshells work.