Posts

All the articles I've posted.

• Docker & Kubernetes Abuse Cheatsheet

  15 Feb, 2024

  Container escapes, docker.sock exploitation, K8s privilege escalation and misconfigurations for HTB, CTFs and cloud pentests

• Advanced Web Hacking & Pivoting Cheatsheet

  22 Dec, 2023

  SSRF, Request Smuggling, Prototype Pollution, WAF bypass, OAuth, SAML, advanced logic flaws and internal pivoting

• Web Exploitation Cheatsheet

  25 Nov, 2023

  SQLi, RCE, LFI/RFI, File Uploads, Deserialization, SSTI, Auth bypass and manual exploitation for HTB, CTFs and real-world pentests

• Windows Privilege Escalation Cheatsheet

  8 Nov, 2023

  Fast techniques, tools, and commands for HTB, CTFs and OSCP-like environments

• Linux Privilege Escalation Cheatsheet

  18 Oct, 2023

  Fast techniques, tools, and commands for HTB, CTFs and OSCP-like environments

• SMB & RPC Enumeration Cheatsheet

  10 Sep, 2023

  Fast SMB, RPC and Windows service enumeration for HTB, CTFs and real-world AD pentests

• Web Attack Surface & Enumeration Cheatsheet

  10 Sep, 2023

  Discovery, fingerprinting, content discovery, parameter fuzzing, virtual hosts and technology mapping for HTB, CTFs and real-world pentests

• Active Directory PrivEsc Cheatsheet

  15 Aug, 2023

  ACL abuses, delegations, AD CS, RBCD, Shadow Credentials, and domain privilege escalation paths

• Adversarial Machine Learning: Attacks and Defenses

  15 Aug, 2023

  Deep dive into adversarial attacks against ML models: evasion, poisoning, and extraction. Exploring defenses, red teaming strategies, and the MITRE ATLAS framework for securing AI systems.

• Active Directory Pentesting Cheatsheet

  20 Jul, 2023

  Fast enumeration, common attack paths, and practical commands for HTB, CTFs and OSCP-like environments