Portswiggers

• Oct 11, 2025 LLM APIs Lab 1: Guardrails & Consent Checks for Tool-Calling Models
• Oct 11, 2025 LLM APIs Lab 2: OS Command Injection via Tool-Calling API
• Oct 3, 2025 DOM XSS Lab 5: jQuery :contains() selector sink with location.hash source
• Oct 1, 2025 DOM XSS Lab 4: jQuery anchor href sink with location.search source
• Sep 30, 2025 DOM XSS Lab 3: Exploiting innerHTML with location.search in the Search Message
• Sep 29, 2025 DOM XSS Lab 2: Exploiting document.write with location.search in Select Elements

Walkthroughs

• Oct 6, 2025 RetroTwo HTB Walkthrough: Pre-Win2000 Machine Accounts, subkeys & malicious DLLS (Windows AD, LDAP & SAMR) Privilege Escalation
• Sep 18, 2025 Retro HTB Walkthrough: Pre-Win2000 Machine Accounts, LDAP Bitmasks & ESC1 Cert Abuse
• Sep 9, 2025 Lock HTB Walkthrough: Gitea PAT Leak → CI/CD RCE → ASPX Webshell → PrivEsc
• Aug 11, 2025 Union HTB Walkthrough: SQLi, Header Injection, and Privilege Escalation
• Jun 18, 2025 Jeeves HTB Walkthrough: Jenkins RCE, KeePass Cracking, and ADS Flag Discovery
• Jun 2, 2025 Strutted HTB Walkthrough: Apache Struts2 CVE-2024-53677 File Upload Exploitation
• May 26, 2025 EscapeTwo HTB Walkthrough: ESC4 Certificate Abuse and Shadow Credentials Attack
• May 23, 2025 Cap HTB Walkthrough: PCAP Analysis, Linux Capabilities, and Linux Privilege Escalation
• May 20, 2025 LinkVortex HTB Walkthrough: Ghost CMS, Git Dumping, and TOCTOU Exploitation
• Apr 30, 2025 Bastion HTB Walkthrough: Windows Server Exploitation through SMB Guest Access and VHD Mounting
• Apr 25, 2025 Jab HTB Walkthrough: XMPP, DCOM, and OpenFire Exploitation
• Apr 22, 2025 Administrator HTB Walkthrough: DACLs, ACL Abuse, and AS-REPRoasting
• Apr 22, 2025 SolarLab HTB Walkthrough: OpenFire Exploitation and Python ReportLab
• Jan 12, 2025 RedPanda HTB Walkthrough: Spring Boot, SSTI, and Privilege Escalation
• Dec 26, 2024 Sau HTB Walkthrough: SSRF, CVE-2023-27163, and CVE-2023-26604 Exploitation
• Dec 24, 2024 Love HTB Walkthrough: SSRF, File Upload, and AlwaysInstallElevated Exploitation
• Dec 22, 2024 Editorial HTB Walkthrough: SSRF, Git History Analysis, and GitPython RCE
• Dec 21, 2024 Doctor HTB Walkthrough: SSTI, Log Analysis, and Splunk Universal Forwarder Exploitation
• Nov 15, 2024 Forest HTB Walkthrough: Active Directory, ASREPRoasting, and DCSync Exploitation
• Nov 12, 2024 Driver HTB Walkthrough: SCF File Exploitation and PrintNightmare Privilege Escalation
• Nov 11, 2024 Timelapse HTB Walkthrough: Active Directory, LAPS, and Certificate-Based Authentication
• Nov 6, 2024 Certified HTB Walkthrough: Shadow Credentials, ESC9, and Certificate Abuse
• Nov 5, 2024 Aero HTB Walkthrough: ThemeBleed and CLFS Exploitation
• Nov 3, 2024 Sauna HTB Walkthrough: Active Directory, Kerberoasting, and PrintNightmare Exploitation
• Nov 2, 2024 Active HTB Walkthrough: GPP, Kerberoasting, and Golden Ticket Attacks
• Nov 1, 2024 Cicada HTB Walkthrough: Active Directory Enumeration and SeBackupPrivilege Exploitation
• Oct 31, 2024 Authority HTB Walkthrough: Certificate Abuse, PKINIT, and RBCD Attacks
• Oct 22, 2024 EvilCUPS HTB Walkthrough: CUPS Exploitation and Print Queue Analysis
• Oct 21, 2024 Resolute HTB Walkthrough: Active Directory, NoPac, and DCSync Exploitation
• Oct 18, 2024 Fuse HTB Walkthrough: Active Directory, SeLoadDriverPrivilege, and Capcom Exploitation
• Oct 16, 2024 Cascade HTB Walkthrough: AD Recycle Bin, VNC, and Ansible Vault Exploitation
• Oct 14, 2024 Monteverde HTB Walkthrough: Azure AD Connect, SQL Server, and Credential Extraction
• Oct 13, 2024 Outdated HTB Walkthrough: Active Directory, WSUS, and Follina Exploitation
• Oct 9, 2024 Scrambled HTB Walkthrough: Active Directory, MSSQL, and .NET Deserialization Exploitation
• Oct 5, 2024 Escape HTB Walkthrough: Certificate Template Abuse and MSSQL Exploitation
• Oct 3, 2024 Hospital HTB Walkthrough: GhostScript, Selenium, and RoundCube Exploitation
• Sep 29, 2024 Intelligence HTB Walkthrough: Active Directory, DNS, and Kerberos Constrained Delegation
• Sep 22, 2024 Manager HTB Walkthrough: Active Directory, Certificate Authority, and ESC7 Exploitation
• Sep 12, 2024 Access HTB Walkthrough: PST Files, LNK Exploitation, and Stored Credentials
• Sep 9, 2024 Remote HTB Walkthrough: Active Directory, Umbraco, and SeImpersonatePrivilege Exploitation
• Sep 6, 2024 Support HTB Walkthrough: Active Directory, RBCD, and MachineAccountQuota Exploitation
• Sep 1, 2024 Return HTB Walkthrough: Active Directory, LDAP, and SeBackupPrivilege Exploitation

Homelabs

• Jul 31, 2025 Autostart Tailscale on NixOS system boot & rebuild with mullvad integration
• Mar 12, 2025 Rebuilding My Homelab In NixOS (Part 5) Installing Docker & other tools on NixOS
• Mar 10, 2025 How to Run Local LLMs with Ollama on AMD GPU (Complete Guide)
• Mar 7, 2025 Rebuilding My Homelab In NixOS (Part 4) Decrypting boot early with initrd-ssh
• Feb 28, 2025 Rebuilding My Homelab In NixOS (Part 3) Mounting A Secondary Drive At Boot
• Feb 26, 2025 Rebuilding My Homelab In NixOS (Part 2) Enabling SSH Login in NixOS
• Feb 20, 2025 Rebuilding My Homelab In NixOS (Part 1) Creating the NixOS VM In Proxmox

Articles

• Jun 26, 2025 Mixing Unstable Packages on Stable NixOS with Flakes
• Jun 24, 2025 Understanding OWASP Secure Headers: HTTP Security Headers & Best Practices
• Jun 20, 2025 Common Vulnerability Scoring System (CVSS) - Complete Guide for Security Professionals
• Apr 24, 2025 Understanding PowerShell Download Cradles: A Deep Dive
• Nov 15, 2024 Understanding AS-REP Roasting Attacks: A Deep Dive
• Nov 5, 2024 Understanding CVE-2023-28252: Deep Dive into the CLFS Privilege Escalation Vulnerability
• Nov 5, 2024 Understanding CVE-2023-38146: Deep Dive into the ThemeBleed Vulnerability
• Oct 22, 2024 Understanding the CUPS Exploit Chain: A Deep Dive into CVE-2024-4176, CVE-2024-4175, CVE-2024-4177 and CVE-2024-4076
• Oct 21, 2024 Understanding the NoPac Exploit: A Deep Dive into CVE-2021-42278 and CVE-2021-42287
• Oct 20, 2024 Understanding SeLoadDriverPrivilege Escalation: A Deep Dive
• Oct 14, 2024 Understanding Azure AD Connect Exploitation & Privilege Escalation
• Oct 11, 2024 Understanding the Shadow Credentials Attack Vector
• Oct 10, 2024 Understanding .NET Deserialization Exploits: A Deep Dive

Tools

• Jun 20, 2025 CVSS v3.1 Calculator: Interactive Base Score Calculator for Security Professionals
• Feb 3, 2025 Automating Kali Linux VM Setup: A Comprehensive Guide to QEMU and Ansible Integration
• Nov 13, 2024 LDAPire: Advanced Active Directory Enumeration Tool
• Oct 17, 2024 BloodServer: A Secure File Transfer Tool for Penetration Testing

Sherlocks

• May 11, 2025 NeuroSync-D HTB Sherlock Challenge: Investigating Next.js Middleware Bypass and Redis Injection
• May 6, 2025 SmartyPants HTB Sherlock Challenge: Analyzing Windows RDP Compromise Through Event Logs and SmartScreen
• Mar 23, 2025 Brutus HTB Sherlock Challenge: Analyzing SSH Brute Force Attack Through Linux Logs

Cheatsheets

• Mar 17, 2025 Network Manager CLI Cheat Sheet
• Mar 11, 2025 Common Docker Build Issues: A Comprehensive Troubleshooting Guide
• Mar 11, 2025 Docker Image Security Analysis and Testing
• Mar 11, 2025 How to Emulate Different Architectures in Docker
• Mar 11, 2025 Transferring Docker Images via SCP
• Mar 10, 2025 Docker Troubleshooting Guide: Comprehensive Solutions for Common Container Issues (2025)
• Oct 16, 2024 Attacking LDAP: Deep Dive & Cheatsheet
• Oct 16, 2024 Attacking RPC: Deep Dive & Cheat Sheet