Soulmate is a Linux machine on HTB. Foothold comes from bypass Authentication, uploading a malicious file for RCE. Dumped credentials give user access, and root is obtained via a internal service misconfiguration.

Walkthrough of the ESC8 AD CS escalation technique, how it works, PoC commands and mitigation recommendations.

Write-up for the Manage machine (VulnLab) — Tomcat & Java RMI initial access, credentials recovery, SSH with TOTP, and privilege escalation via sudo adduser misconfiguration.

I am proud to announce that I have successfully obtained the Certified Web Exploitation Specialist (CWES) certificate from Hack The Box, validating my practical skills in web exploitation and cybersecurity.

Down is a Linux box : bypass a cURL whitelist with two URLs, exploit an index.php parameter to spawn a www-data shell via netcat, then find the 'pswm' master password to decrypt the vault and escalate privileges.

Retro2 is an easy Active Directory box from Vulnlab that involves decrypting an MS Access database, Pre-Created Computer Accounts, GenericWrite, AddMember and finally exploiting an RpcEptMapper Registry Key vulnerability in Windows Server 2008 R2.

I am proud to announce that I have successfully obtained the eLearnSecurity Junior Penetration Tester (eJPT) certificate.

Step-by-step technical writeup of a stack buffer overflow lab, including vulnerability analysis with Ghidra, debugging with GDB, shellcode crafting, and successful exploitation.

I am proud to announce that I have successfully obtained the Certified Associate Penetration Tester (CAPT) certificate, validating my practical skills in penetration testing and cybersecurity

A comprehensive guide on detecting Windows Active Directory attacks, lateral movements, Pass-the-Hash, Kerberoasting, Golden/Silver Tickets, Responder attacks, and other threats using Splunk and Zeek logs.