Hidden Door Security Blog

  • Sync – Vulnlab and Hack The Box Walkthrough

Introduction: This is a write-up / walkthrough of the Vulnlab and Hack The Box machine “Sync”. This machine involved a foothold using credentials obtained from an exposed database using rsync and then using FTP to upload an SSH public key for shell access. The privilege escalation involved lateral movement from another user and exploiting a

  • Prompt Injection Attack Guide and Cheat Sheet

Introduction: I’ve decided to write this blog and guide to help penetration testers, AI red teamers and CTF participants be successful at their AI/LLM testing engagements. If you are in the middle of an engagement, doing a bug bounty or trying to solve an AI/LLM related CTF challenge, the following content will help streamline your

  • HTB Certified Web Exploitation Specialist (CWES) – Certification, Exam and Training Review (Hack The Box)

Note: As of October 1st, 2025, the Certified Bug Bounty Hunter (CBBH) certification has been renamed to the Certified Web Exploitation Specialist (CWES). This comes with module and syllabus updates and additional training. You can read about the new update here: https://www.hackthebox.com/blog/HTB-CWES-announcement Introduction: I went on a streak pwning web apps IRL as well as

  • Practical Web Pentest Professional (PWPP) Certification, Exam and Training Review

Introduction: I wanted to improve my web application penetration testing skills at work and also my bug bounty hunting methodology. TCM had their summer sale and this training and exam bundle was $100 off, so I decided to buy the Practical Web Pentest Professional (PWPP) course and get another hacking cert. I’ve taken other TCM

  • How to Crush Web App Penetration Tests

Introduction: I recently wrapped up a web penetration test where I completely compromised the target application, and I wanted to share what worked, the steps I took, and the methodology behind it. This guide is for new penetration testers or anyone looking for a practical approach from real-world engagements. In this blog I will cover:

  • My BSides SF 2025 Experience

    I recently attended the 2-day BSides SF 2025 conference at the San Francisco Metreon and wanted to share my experience at the event. This was also my first time attending BSides in San Francisco and I wanted to thank everyone that I met during the conference, especially the panelists at all the talks and the