Information disclosure issues often reveal sensitive data such as framework versions, environment variables, source code, or even admin bypass techniques. These labs walk through discovering and ex...

Collection of PortSwigger labs demonstrating business logic vulnerabilities in web applications, including flaws in workflow validation, authorization, input handling, and purchasing logic. Ideal f...

Comprehensive notes and practical lab walkthroughs on web application authentication vulnerabilities. Covers topics such as username enumeration, brute-force attacks, broken 2FA logic, password res...

A walkthrough of the HackTheBox 'Hacknet' machine which is Medium rated linux box. This write-up covers initial access, privilege escalation, and post-exploitation techniques.

PoC showing unauthenticated remote code execution in Erlang/OTP SSH server. By exploiting a flaw in SSH protocol message handling, an attacker can execute arbitrary commands on the target without v...

A walkthrough of the HackTheBox 'Soulmate' machine which is Easy rated linux box. This write-up covers initial access, privilege escalation, and post-exploitation techniques.

A walkthrough of the HackTheBox 'Guardian' machine which is Hard rated linux box. This write-up covers initial access, privilege escalation, and post-exploitation techniques.

A walkthrough of the HackTheBox 'Previous' machine which is Medium rated linux box. This write-up covers initial access, privilege escalation, and post-exploitation techniques.

PoC showing Linux privilege escalation via sudo Terraform. By abusing provider_installation dev_overrides and TF_CLI_CONFIG_FILE, a malicious provider script runs as root, allowing creation of a SU...

A walkthrough of the HackTheBox 'CodeTwo' machine which is Easy rated linux box. This write-up covers initial access, privilege escalation, and post-exploitation techniques.