Blog

Digital Forensics Case B4DM755 cover image

2 min read

Digital Forensics Case B4DM755 February 21, 2026

As a Forensics Lab Analyst, you analyse the artefacts from crime scenes. Occasionally, the law enforcement agency you work for receives “intelligence...

./read_post.sh

2 min read

Splunk Investigation Lab February 21, 2026

This blog documents my hands-on investigations using Splunk. I walk through real-world challenges step by step, explaining my thought process, search strategies,...

./read_post.sh

8 min read

Hardening February 7, 2026

We will explore the different ways to protect an Ubuntu Server.

./read_post.sh

Simulating a Banking Security Infrastructure Part 2 The Subordinate (Issuing) CA cover image

8 min read

Simulating a Banking Security Infrastructure Part 2 The Subordinate (Issuing) CA February 6, 2026

This server, SUBCA01, is the “worker bee.” It will stay online, join the domain, and issue certificates to every user and computer...

./read_post.sh

Simulating a Banking Security Infrastructure Part 1 cover image

14 min read

Simulating a Banking Security Infrastructure Part 1 February 6, 2026

For my latest home lab project, I am building a Two-Tier Public Key Infrastructure (PKI) to simulate a high-security banking environment.

./read_post.sh

8 min read

Msfvenom Is Not Dead January 30, 2026

You’ve definitely run msfvenom, uploaded the payload, and watched it get nuked instantly by Windows Defender. It’s frustrating. It makes you think...

./read_post.sh

1 min read

Windows Forensics January 26, 2026

One of the Desktops in the research lab at Organization X is suspected to have been accessed by someone unauthorized. Although they...

./read_post.sh

10 min read

The Exfiltration Handbook January 24, 2026

In this guide, I’m breaking down how to “live off the land.” We’re talking about taking standard commands and turning them into...

./read_post.sh

4 min read

byp4ss3d PicoCTF November 19, 2025

A university’s online registration portal asks students to upload their ID cards for verification. The developer put some filters in place to...

./read_post.sh

When Input Becomes Injection cover image

4 min read

When Input Becomes Injection October 18, 2025

Developers should never trust user input. Even when you think you’ve sanitized everything and even when you’re using the familiar ? placeholder...

./read_post.sh

Weak JWT Secrets: How ‘secret’ Breaks Your Auth cover image

2 min read

Weak JWT Secrets: How ‘secret’ Breaks Your Auth October 16, 2025

This post begins a short series about authentication mistakes I often see in Node.js/Express applications. We’ll look at a real-but-safe example where...

./read_post.sh

1 min read

WebSockFish PicoCTF September 16, 2025

When we accessed the website, we found this:

./read_post.sh

1 min read

SSTI2 PicoCTF September 16, 2025

I made a cool website where you can announce whatever you want! I read about input sanitization, so now I remove any...

./read_post.sh

1 min read

JaWT Scratchpad PicoCTF September 16, 2025

Check the admin scratchpad!

./read_post.sh

1 min read

SSTI1 PicoCTF September 16, 2025

I made a cool website where you can announce whatever you want! Try it out!I heard templating is a cool and modular...

./read_post.sh

Tryhackme BookStore Walkthrough - API & Reverse Engineering cover image

6 min read

Tryhackme BookStore Walkthrough - API & Reverse Engineering September 3, 2025

Bookstore ▁▃▅ MEDIUM Objective: understand how a vulnerable API can be exploited Web Exploitation 🔗 Start Challenge →

./read_post.sh

Null-Byte File Upload Bypass: PoC on a NYC Portal cover image

3 min read

Null-Byte File Upload Bypass: PoC on a NYC Portal August 29, 2025

While searching for jobs on a New York City job portal, I decided to create an account and explore the platform’s features....

./read_post.sh

TryHackMe Injectics Walkthrough - SQL Injection & SSTI Exploitation cover image

28 min read

TryHackMe Injectics Walkthrough - SQL Injection & SSTI Exploitation August 24, 2025

Injectics ▁▃▅ MEDIUM Objective: Use your injection skills to take control of a web app. Web Exploitation 🔗 Start Challenge →

./read_post.sh

Blog Posts