Posts are loaded from the Jekyll _posts folder and styled with this site's retro terminal theme.
>>> BLOG / NOTES / RESEARCH <<<
While searching for jobs on a New York City job portal, I decided to create an account and explore the platform’s features. One of the first things...
Read Writeup
A university’s online registration portal asks students to upload their ID cards for verification. The developer put some filters in place to ensur...
Read Writeup
I made a cool website where you can announce whatever you want! I read about input sanitization, so now I remove any kind of characters that could ...
Read Writeup
I made a cool website where you can announce whatever you want! Try it out! I heard templating is a cool and modular way to build web apps!
Read Writeup
Bookstore (Medium, Web Exploitation). Objective: understand how a vulnerable API can be exploited.
Read Writeup
Injectics (Medium, Web Exploitation). Objective: Use your injection skills to take control of a web app.
Read Writeup
You’ve definitely run msfvenom, uploaded the payload, and watched it get nuked instantly by Windows Defender. It’s frustrating. It makes you think ...
Read Writeup
In this guide, I’m breaking down how to “live off the land.” We’re talking about taking standard commands and turning them into tunnels. Whether it...
Read Writeup
As a Forensics Lab Analyst, you analyse the artefacts from crime scenes. Occasionally, the law enforcement agency you work for receives “intelligen...
Read Writeup
This blog documents my hands-on investigations using Splunk. I walk through real-world challenges step by step, explaining my thought process, sear...
Read Writeup
This server, SUBCA01, is the “worker bee.” It will stay online, join the domain, and issue certificates to every user and computer in my bank.
Read Writeup
For my latest home lab project, I am building a Two-Tier Public Key Infrastructure (PKI) to simulate a high-security banking environment.
Read Writeup
One of the Desktops in the research lab at Organization X is suspected to have been accessed by someone unauthorized. Although they generally have ...
Read Writeup
Developers should never trust user input. Even when you think you’ve sanitized everything and even when you’re using the familiar ? placeholder in ...
Read Writeup
This post begins a short series about authentication mistakes I often see in Node.js/Express applications. We’ll look at a real-but-safe example wh...
Read Writeup