Slonik is a Linux box with medium difficulty. The box starts with NFS enumeration and then continues by finding a valid user from PostgreSQL. In this box, I learned a few new techniques, and the pr...

Job is a Windows box with medium difficulty. We inject malicious code and configure it as a macro in an Office document. After gaining initial foothold, we then escalate to admin using the classic ...

Phantom is a Windows machine with medium difficulty. We start by using the password found in a PDF file. After a few steps, we find a service account and abuse the ACLs (Access Control Lists) in Ac...

Pivoting and ligolo-ng What is Pivoting and Why is it Important in Cybersecurity? Pivoting is a technique used by attackers to access other parts of a network through a compromised system. After ...

Nmap Nmap is a free, open-source tool that helps you scan networks to discover devices, check for open ports, and identify potential security vulnerabilities. Nmap, widely regarded as one of the ...

Web Fuzzing with ffuf There are many tools available for directory and parameter fuzzing and brute-forcing on web applications. One of these tools, and my personal favorite due to its versatility,...