Penetration testing notes and HackTheBox writeups. Synthesized from my Obsidian vault, organized by attack surface.

Knowledge Base

| Topic | Content |
|---|---|
| Reconnaissance-and-Information-Gathering | Discovery, mapping, OSINT |
| Client-Side-Vulnerabilities | XSS, CSRF, Clickjacking, CSTI, Prototype Pollution |
| Server-Side-Vulnerabilities | SQLi, Command Injection, SSTI, XXE, SSRF, File Upload |
| Web-Application-Security | Auth bypass, session management, business logic |
| Network-Security-and-Services | Protocol exploitation, wireless, FTP/SSH/SMB/RDP |
| Linux-Security-and-Exploitation | Privesc, misconfigs, post-exploitation |
| Windows-Security-and-Exploitation | Privesc, token manipulation, registry |
| Active-Directory-Security | Kerberos, lateral movement, ACL abuse, ADCS |
| Tools-and-Methodologies | Pentesting tools and workflows |

HTB Writeups

| Machine | Key Techniques |
|---|---|
| BoardLight_EN | Web app exploitation, Linux privesc |
| Buff_EN | Web app exploitation, Windows privesc |
| Clicker_EN | Web app exploitation, Linux privesc |
| Codify_EN | Node.js sandbox escape, Linux privesc |
| Devvortex_EN | Joomla exploitation, Linux privesc |
| Editorial_EN | SSRF, Linux privesc |
| Jarvis_EN | SQLi, Linux privesc |
| Love_EN | SSRF, Windows privesc |
| Mailing_EN | hMailServer, CVE-2024-21413, NTLMv2 capture |
| Poison_EN | LFI, Log Poisoning, VNC, SSH tunneling (FreeBSD) |
| Remote_EN | NFS, CMS exploitation, Windows privesc |
| SolidState_EN | Apache James 2.3.2, POP3 enum, restricted shell escape, cron privesc |
| TartarSauce_EN | WordPress RFI (gwolle-gb), sudo tar GTFOBins |