A hand-picked collection of cybersecurity writeups, deep-dives, and walkthroughs. Sourced from InfoSec Write-ups, HackTheBox, and other reputable infosec publications - plus my own posts.
Most "What is a SIEM?" guides stop at the marketing brochure. Here's the version I wish I'd been handed on day one - the data pipeline, the queries that matter, the rules you should actually write, and the metrics that survive a board review.
Original writeups, lab notes, and post-engagement deep dives.
Tickets, TGTs, the KDC, AS-REQ to TGS-REP, delegation, and every attack you've heard of - Kerberoasting, AS-REP roasting, Golden & Silver tickets - built up step by step with diagrams.
From asymmetric keys to AD CS, CSRs, RAs, templates and auto-enrollment - built up step by step with motion and diagrams. Basics to advanced.
What these tools really do, the data pipeline, how good detections are written, the metrics that survive a board review, and a 30-day starter pack for new analysts.
An end-to-end domain takeover, from an anonymous, unauthenticated foothold to Domain Admin via authentication coercion chained with an AD Certificate Services relay. Detection rules included.
The old "spray creds and hope" doesn't fly anymore. Here's the AD playbook I use for the new exam - Kerberoast, ASREP, ACL abuse, ADCS, and movement.
Custom BOF + Indirect syscalls aren't always the answer. Sometimes a cleverly chained LOLBIN flies right under the radar. Three case studies and the YARA that catches them.
The writeups I keep coming back to - bookmarked, annotated, and recommended.
From recon stack setup to first triage-quality report in three months. A sequenced learning track that prioritises depth over breadth.
Where competition is low, duplicates are fewer, and you can actually build a reputation. A pragmatic ranking with each platform's quirks.
A tiny normalization bug becomes an account-lockout primitive. A masterclass in finding logic flaws hiding in plain sight.
The fundamentals: how SSRF works, where it hides, and the bypasses you'll see in modern apps. Excellent intro to a top-tier vulnerability class.
A pattern analysis of recurring SSRF entry points and bypasses across hundreds of public reports. Updated for the modern cloud-app surface.
A long-form, classroom-grade walkthrough of every phase of an AD assessment - recon, enumeration, exploitation, privilege escalation, persistence.
The five recurring AD bugs you'll find in every engagement, the exact commands to confirm them, and the hardening steps that close the door.
The same AD attack - narrated from both sides. Side-by-side timelines of attacker actions and the SOC signals that should fire.
Updated take on OSCP+ after the 2024 refresh - what the AD lab actually demands, the bonus-points trap, and whether it earns its certification status in 2026.
A week-by-week study plan, lab list, supplementary courses, and the exact methodology document used by recent passers. No fluff.
The 2026 attack surface looks nothing like 2020. APIs, cloud misconfigs, firmware, AI components - and prompt injection rewards rivalling RCE payouts.
The home page - fresh writeups daily across CTF, bug bounty, AD, malware analysis, hardware challenges, and real-life encounters.