Site Logo
Niklas Heringer - Cybersecurity & Math

Penetration Testing

A growing archive of my work in penetration testing — from lab environments to structured methodologies.
This is where I sharpen offensive skills to better understand real-world attack surfaces, privilege escalation, and exploitation logic.

  • Active Directory Journey Day Three - All about Users & Groups

    Posted on 13 mins

    This post digs into Active Directory user accounts, local vs. domain context, and why SYSTEM access is a bigger deal than you think. You’ll learn where users live, how machines act like users, and how attackers use this to map, move, and mischief.
    Active Directory Journey Day Three - All about Users & Groups

  • Popping Devvortex - Joomla Tricks, Template Shells & Summer Brain Fog

    Posted on 8 mins

    An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.
    Popping Devvortex - Joomla Tricks, Template Shells & Summer Brain Fog

  • Active Directory Protocols Unpacked: A Practical Learning Journey - Day 02

    Posted on 19 mins

    From Kerberos to NTLM and LDAP to DNS, this deep-dive unpacks the core Active Directory protocols attackers love — and defenders must understand. With analogies, examples, and red team insights, this is your protocol playbook.
    Active Directory Protocols Unpacked: A Practical Learning Journey - Day 02

  • Active Directory Demystified: A Practical Learning Journey - Day 01

    Posted on 15 mins

    Active Directory powers most enterprise networks — and attackers love it. This guide simplifies AD with real-world analogies and attacker-focused insights to help you learn, enumerate, and exploit it effectively.
    Active Directory Demystified: A Practical Learning Journey - Day 01

  • From LFI to RCE: Exploiting File Inclusion Like a Pro

    Posted on 20 mins

    A hands-on deep dive into exploiting file inclusion vulnerabilities — from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.
    From LFI to RCE: Exploiting File Inclusion Like a Pro

  • Intro to File Inclusion

    Posted on 8 mins

    An in-depth and hands-on walkthrough on spotting and exploiting Local File Inclusion (LFI) — from classic payloads to modern bypasses, straight from HTB Academy labs.
    Intro to File Inclusion

  • From Basic to Blessed: Uplifting Your Webshell Game

    Posted on 9 mins

    From basic payloads to protected and self-destructing shells — a hands-on journey upgrading your webshells for stealth, power, and style.
    From Basic to Blessed: Uplifting Your Webshell Game

  • SQLi Hands-On: Injecting Chaos

    Posted on 10 mins

    A practical deep dive into SQL Injection in DVWA — from simple payloads to reading and writing files, fuzzing with ffuf, and scripting attacks in Burp Suite.
    SQLi Hands-On: Injecting Chaos

  • Breaking Htb Underpass

    Posted on 11 mins

    Cracked the UnderPass HTB box by skipping dead ends, abusing SNMP leaks, and turning mosh-server into a root shell with zero password — here is how.
    Breaking Htb Underpass

  • What I Do After the User Flag — My Beginner’s Priv Esc Flow

    Posted on 4 mins

    Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes — what I check, how I think, and why it still stumps me sometimes.
    What I Do After the User Flag — My Beginner’s Priv Esc Flow