Cybersecurity Journey

Exploring offensive security, defensive operations, and digital forensics


Red Team

Offensive Security

Blue Team

Defensive Operations

Digital Forensics

Incident Analysis

Red Team — HTB Writeups

🐶 Puppy

Medium
Jun 9, 2025 Windows 6 hours

Complete Active Directory takeover through BloodHound analysis, ACL abuse, KeePass exploitation, DPAPI extraction, and DCSync attacks.

Active Directory BloodHound KeePass DPAPI DCSync
Read Writeup

🔒 Voleur

Medium
Jul 9, 2025 Windows 8 hours

Complex Active Directory attack involving Kerberos authentication, Excel credential extraction, Kerberoasting, deleted object recovery, DPAPI exploitation, WSL abuse, and NTDS database extraction.

Kerberos LDAP DPAPI Kerberoasting WSL NTDS
Read Writeup

⏮️ Previous

Medium
Sep 6, 2025 Linux 8 hours

Next.js authentication bypass through middleware vulnerability, Local File Inclusion exploitation, credential extraction, and Terraform provider override privilege escalation to root.

Next.js CVE-2025-29927 LFI Terraform sudo
Read Writeup

💕 Soulmate

Easy
Sep 9, 2025 Linux 4 hours

Complete machine compromise through CrushFTP CVE-2025-31161 authentication bypass, user creation, file upload exploitation, credential extraction from Erlang scripts, and privilege escalation via local SSH service running as root.

CVE-2025-31161 CrushFTP File Upload Erlang SSH Credential Extraction PHP Shell
Read Writeup

🚀 Expressway

Easy
Sep 21, 2025 Linux 2 hours

Straightforward attack path leveraging TFTP file discovery, IKE aggressive mode PSK extraction, offline cracking, and CVE-2025-32462 sudo privilege escalation for complete system compromise.

TFTP IPsec/IKE PSK Cracking CVE-2025-32462 Sudo Exploitation
Read Writeup

🔐 Signed

Medium
Oct 18, 2025 Windows 4 hours

Classic Active Directory exploitation chain leveraging certificate-based authentication, Kerberos Silver Ticket forgery, MSSQL xp_cmdshell abuse, and privilege escalation through manipulated group memberships.

Active Directory Kerberos Silver Ticket MSSQL Certificate Auth
Read Writeup

Blue Team — SOC Writeups & Operations

Documenting defensive security knowledge, SOC workflows, detection methodology, and real-world triage case studies.

🔵 Security Operations Fundamentals

SOC-101
Jan 5, 2026 Blue Team Core Theory

A structured breakdown of what makes a high-quality security alert, how to classify outcomes (TP/FP/NMI/FN), the SOC analyst mindset, the full 8-step detection-to-feedback workflow, and a real-world impossible travel case study.

Alert Triage 5W1H SIEM Incident Response Impossible Travel IOC Analysis
Read Writeup

📡 Network Security Monitoring (NSM)

SOC-101
Jan 9, 2026 Blue Team Core Theory

A deep dive into NSM fundamentals — the three types of network evidence, Zeek log analysis, and pro-level detection techniques for beaconing, DNS tunneling, DGA hunting, and JA3 fingerprinting.

NSM Zeek Beaconing C2 Detection DNS Tunneling JA3 Threat Hunting
Read Writeup

🔜 More Coming Soon

TBA
In Progress Blue Team

Future writeups will cover threat hunting methodologies, SIEM rule tuning, EDR deep visibility queries, and live incident response exercises from Locked Shields.

Threat Hunting SentinelOne EDR Locked Shields
Coming Soon

Digital Forensics Journey

Disk, memory, malware analysis — reconstructing attacker activity from artifacts left behind.

The Art of Digital Investigation

Digital forensics fascinates me because it's like being a detective in the digital world. Every incident leaves traces, and learning to find, preserve, and analyze these artifacts is both challenging and rewarding. My forensics journey combines technical skills with methodical investigation techniques to uncover the truth behind security incidents.

Disk & Memory Forensics

I'm developing expertise in analyzing disk images and memory dumps to recover deleted files, examine browser history, extract credentials, and reconstruct attacker activity. Working with tools like Autopsy and FTK, I'm learning proper evidence handling procedures and chain of custody protocols. Memory forensics with Volatility has opened my eyes to how much information persists in RAM.

Malware Analysis Fundamentals

Understanding malware behavior is crucial for forensic investigations. I'm learning both static and dynamic analysis techniques to dissect malicious software, understand its capabilities, and identify Indicators of Compromise (IOCs). Tools like IDA Pro, Ghidra, and various sandboxes help me reverse engineer malware samples safely and document their behavior patterns.

Timeline Analysis & Reconstruction

Creating accurate timelines of events is essential in forensics. I'm mastering timestamp artifacts from file system metadata (MAC times), Windows Registry, event logs, and application artifacts to build comprehensive attack timelines. Tools like Plaso and log2timeline help me correlate events across multiple systems and identify the full scope of incidents.

Forensics Toolkit

Disk Forensics

Autopsy, FTK Imager, EnCase

Memory Analysis

Volatility, Rekall, WinDbg

Malware Analysis

IDA Pro, Ghidra, x64dbg

File Analysis

Binwalk, Exiftool, strings

Network Forensics

Wireshark, NetworkMiner, tcpdump

Timeline Tools

Plaso, log2timeline, Timesketch

About My Journey

Welcome to my cybersecurity learning journey! I'm documenting my progression across red team offensive security, blue team defensive operations, and digital forensics. Each aspect complements the others — understanding attacks makes me a better defender, defensive knowledge improves my attack strategies, and forensics ties everything together by revealing the full story of what happened.

Penetration Testing Active Directory SIEM & Log Analysis Incident Response Threat Hunting Digital Forensics Malware Analysis Network Security Linux & Windows Python & PowerShell