The other day I was bored, and started thinking to myself… “What devices are actually running on my network?”. Thats when I decided to run an nmap scan on my LAN and see for myself. Identifying Ho...

Thought i’d post my dotfiles on here and give a brief explanation as to what dotfiles actually are, and how you’re meant to install them. Especially since I myself messed up quite a few installs be...

The reason I’m making this post is to motivate and help anyone that might be planning on tackling any of these certifications, or any certification in the infosec space in general. I won’t be goin...

This sherlock investigates a potential breach of a customers database. It involves scrutinizing an email received by one of their employees, comprehending the implications, and uncovering any possi...

This is a walkthrough on the “Nuts” Sherlock, which is focused mainly on forensics. Most of the analysis can be performed with ZimmermanTools and some occasional manual analysis and cli-fu. 1) W...

Our attack on the target begins with a file upload vulnerability allowing us to upload a phar file gaining RCE on the target. This is followed with exploitation of CVE-2023-32629 due to a vulnerabl...

Recently, I decided to set up dual boot on my computer since I had two 1 TB SSD’s, and as I dont play many games nowadays like I used to, the space was sitting there waiting to be used. Plus, seein...

Starting off, we encounter a web application thats vulnerable to a zip archive file upload vulnerability, allowing us to utilize phar:// to execute a shell and gain a foothold onto the system. Foll...

This machine begins with a password spray on the machine, which is domain joined, giving us access to a domain user with MSSQL access. We utilize our MSSQL access to find a backup.zip file within t...

This machine starts off with a directory fuzzing attack on a web server being hosted on the target. This leads to the identification of an directory that’s vulnerable to a LDAP injection attack wit...