A clever JavaScript prototype pollution type confusion challenge on Hack The Box.

Detailed walkthrough of the Hard Windows Active Directory machine DarkZero on Hack The Box.

Easy Windows Active Directory machine. Misconfigurations lead from initial access to full domain compromise.

An in-depth review of the Practical Network Penetration Tester (PNPT) certification journey, exam experience, and key preparation tips.

Walkthrough of the Expert-level Web Cache Deception lab from PortSwigger Academy, focusing on exploiting exact-match cache rules using advanced path normalization techniques.

Practitioner-level Web Cache Deception labs from PortSwigger Academy covering path delimiter abuse, normalization discrepancies in origin and cache servers, and how these mismatches lead to private data exposure via cache poisoning.

Walkthrough of the Apprentice-level Web Cache Deception lab at PortSwigger Academy, using path mapping and static resource extension tricks to retrieve cached sensitive data.

Our team qualified for BlackHat MEA 2024! This post includes web challenge write-ups from the qualifiers and insights into our journey to the top 100.