-

Certified Terraform Associate – Certification and Training Review
Introduction: I got the Certified Terraform Associate to validate my Terraform skills in terms of provisioning cloud assets for penetration testing. In general I’ve used these skills on other cloud engineering projects and deployment of infra across different cloud providers. I found out the certificate was only around $70 and wanted to get something to
-

Sync – Vulnlab and Hack The Box Walkthrough
Introduction: This is a write-up / walkthrough of the Vulnlab and Hack The Box machine “Sync”. This machine involved a foothold using credentials obtained from an exposed database using rsync and then using FTP to upload an SSH public key for shell access. The privilege escalation involved lateral movement from another user and exploiting a
-

Prompt Injection Attack Guide and Cheat Sheet
Introduction: I’ve decided to write this blog and guide to help penetration testers, AI red teamers and CTF participants be successful at their AI/LLM testing engagements. If you are in the middle of an engagement, doing a bug bounty or trying to solve an AI/LLM related CTF challenge, the following content will help streamline your
-

HTB Certified Web Exploitation Specialist (CWES) – Certification, Exam and Training Review (Hack The Box)
Note: As of October 1st, 2025, the Certified Bug Bounty Hunter (CBBH) certification has been renamed to the Certified Web Exploitation Specialist (CWES). This comes with module and syllabus updates and additional training. You can read about the new update here: https://www.hackthebox.com/blog/HTB-CWES-announcement Introduction: I went on a streak pwning web apps IRL as well as
-

Practical Web Pentest Professional (PWPP) Certification, Exam and Training Review
Introduction: I wanted to improve my web application penetration testing skills at work and also my bug bounty hunting methodology. TCM had their summer sale and this training and exam bundle was $100 off, so I decided to buy the Practical Web Pentest Professional (PWPP) course and get another hacking cert. I’ve taken other TCM
-

How to Crush Web App Penetration Tests
Introduction: I recently wrapped up a web penetration test where I completely compromised the target application, and I wanted to share what worked, the steps I took, and the methodology behind it. This guide is for new penetration testers or anyone looking for a practical approach from real-world engagements. In this blog I will cover:
