An in-depth review of the Practical Network Penetration Tester (PNPT) certification journey, exam experience, and key preparation tips.

Walkthrough of the Expert-level Web Cache Deception lab from PortSwigger Academy, focusing on exploiting exact-match cache rules using advanced path normalization techniques.

Practitioner-level Web Cache Deception labs from PortSwigger Academy covering path delimiter abuse, normalization discrepancies in origin and cache servers, and how these mismatches lead to private data exposure via cache poisoning.

Walkthrough of the Apprentice-level Web Cache Deception lab at PortSwigger Academy, using path mapping and static resource extension tricks to retrieve cached sensitive data.

Our team qualified for BlackHat MEA 2024! This post includes web challenge write-ups from the qualifiers and insights into our journey to the top 100.

A detailed walkthrough of web challenges from Blitzstorm CTF 2024, including Tindog, Cyber-Awareness, and Discover. Covers directory busting, .git exploitation, PHP filtering, and command injection bypass.

A walkthrough of the Nghinx machine from Ignite CTF 2023, involving LFI exploitation and Nginx misconfiguration leading to machine takeover.

A walkthrough of the Basic Pentesting room on TryHackMe, covering enumeration, brute forcing, and privilege escalation.