Cap
Cap is a security-dashboard web app with an IDOR that lets me download another user's packet capture. The PCAP leaks FTP/SSH crede...
I break things on purpose so the right people can't. Kali on the daily, HackTheBox at night, and a security company by day. This is my lab notebook — machine write-ups, hacking notes, and the occasional sticker drop.
// edit these in the admin panel → about & site settings
Mapping attack surface until something gives. Ports, vhosts, params, users.
Auth bypass, IDOR, SSRF, injection, deserialization — chaining bugs into shells.
Kerberoasting, AS-REP, ACL abuse and DCSync — from a single user to Domain Admin.
SUID, sudo, capabilities, cron, kernel — the last hop to root/SYSTEM.
Day job: hardening networks, VPN monitoring, detection — I defend what I attack.
Founder mode: shipping security tooling (SecuraIT, VpnSentinel) for small business.
Step-by-step walkthroughs of boxes I've rooted. Follow along and learn the path.
Cap is a security-dashboard web app with an IDOR that lets me download another user's packet capture. The PCAP leaks FTP/SSH crede...
Laboratory starts with a GitLab instance vulnerable to an arbitrary file read chained to RCE (CVE-2020-10977). After a shell in th...
Forest is a Windows DC where anonymous LDAP/RPC enumeration yields users, one with Kerberos pre-auth disabled. I AS-REP roast and...