Niklas Heringer
Niklas Heringer
Cybersecurity & Math.
⌘K
Subscribe Sign in
Niklas Heringer

Penetration Testing

In-depth guides and articles on ethical hacking and vulnerability assessment.
Breaking in before the VPN broke down - A Journey through Precious (HTB Writeup)
htb

Breaking in before the VPN broke down - A Journey through Precious (HTB Writeup)

A full walkthrough of the Hack The Box machine "Precious"; from enumeration to exploitation, including a clever pdfkit command injection and Ruby YAML deserialization for root. With shell stabilisation and some VPN drama on the side.
HTB Reset: From Log Poisoning to Root. Exploiting Tmux, Rexec and Misconfigured Sudo
htb

HTB Reset: From Log Poisoning to Root. Exploiting Tmux, Rexec and Misconfigured Sudo

A deep-dive into escalating from LFI to full root via log poisoning, named pipe reverse shell, misconfigured sudo permissions, and forgotten tmux sessions. Includes analysis of R-services (rexec, rlogin, rsh) and real-world command chaining.
A Small Prep Session: PortSwigger Beginner Labs
exam-prep

A Small Prep Session: PortSwigger Beginner Labs

A short and focused session working through some beginner-level labs from PortSwigger, revisiting the fundamentals of web vulnerabilities like XSS, SQLi, and authentication bypasses.
Uni Exam Practice VM practice: more of LFI2RCE
exam-prep

Uni Exam Practice VM practice: more of LFI2RCE

In this university exam practice VM, I explored file upload handling, discovered a separate file inclusion point, and chained it with an uploaded webshell to gain remote command execution.
Test Exam: Penetration Testing Playbook 01
exam-prep

Test Exam: Penetration Testing Playbook 01

My personal playbook for my penetration testing test exam, covering all key steps from access via port forwarding to grabbing ALL 8 flags.
Interview Prep Series: Part Two – Technical Deep Dive & Groundwork
interview-prep

Interview Prep Series: Part Two – Technical Deep Dive & Groundwork

Digging into technical fundamentals and real interview questions to sharpen my baseline as a pentester. Inspired by Steflan Security’s interview cheat sheet & my 2nd Cirosec Interview
Interview Prep Series: Part One – Core Concepts & Confidence
interview-prep

Interview Prep Series: Part One – Core Concepts & Confidence

Kicking off my interview prep journey with key phases of pentests, handling tricky questions, and building confidence under pressure.
The Final Part: Active Directory Journay Day Five: Building, Securing, and Managing a Domain
ad-challenge

The Final Part: Active Directory Journay Day Five: Building, Securing, and Managing a Domain

Day Five covers key AD admin tasks - user and group creation, GPO management, and domain joins; using PowerShell with a security-focused approach.
Active Directory Journey Day Four: Rights, Privileges, GPOs and a Whole Lot More
ad-challenge

Active Directory Journey Day Four: Rights, Privileges, GPOs and a Whole Lot More

This post digs into Group Policy, Active Directory privileges, and built-in groups. I break down who has silent power, how attackers exploit User Rights, and what defenders can do to lock it down. Expect practical cheatsheets, tools, and battle-tested hardening tips.
Active Directory Journey Day Three - All about Users & Groups
ad-challenge

Active Directory Journey Day Three - All about Users & Groups

This post digs into Active Directory user accounts, local vs. domain context, and why SYSTEM access is a bigger deal than you think. You’ll learn where users live, how machines act like users, and how attackers use this to map, move, and mischief.
Popping Devvortex - Joomla Tricks, Template Shells & Summer Brain Fog
htb

Popping Devvortex - Joomla Tricks, Template Shells & Summer Brain Fog

An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.
Active Directory Protocols Unpacked: A Practical Learning Journey - Day Two
ad-challenge

Active Directory Protocols Unpacked: A Practical Learning Journey - Day Two

We're back for day two! The series here are going great hehe. Last time we talked a lot
Active Directory Demystified: A Practical Learning Journey - Day One
ad-challenge

Active Directory Demystified: A Practical Learning Journey - Day One

Active Directory powers most enterprise networks, and attackers love it. This guide simplifies AD with real-world analogies and attacker-focused insights to help you learn, enumerate, and exploit it effectively.
From LFI to RCE: Exploiting File Inclusion Like a Pro
remote-code-execution

From LFI to RCE: Exploiting File Inclusion Like a Pro

A hands-on deep dive into exploiting file inclusion vulnerabilities; from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.
Introduction to File Inclusion
local-file-inclusion

Introduction to File Inclusion

An in-depth and hands-on walkthrough on spotting and exploiting Local File Inclusion (LFI); from classic payloads to modern bypasses, straight from HTB Academy labs.
From Basic to Blessed: Uplifting Your Webshell Game
webshell

From Basic to Blessed: Uplifting Your Webshell Game

From basic payloads to protected and self-destructing shells; a hands-on journey upgrading your webshells for stealth, power, and style.
SQLi Hands-On: Injecting Chaos
sql-injection

SQLi Hands-On: Injecting Chaos

A practical deep dive into SQL Injection in DVWA; from simple payloads to reading and writing files, fuzzing with ffuf, and scripting attacks in Burp Suite.
How to Proceed after the User Flag: My Beginner’s Priv Esc Flow
privilege-escalation

How to Proceed after the User Flag: My Beginner’s Priv Esc Flow

Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes; what I check, how I think, and why it still stumps me sometimes.