Proving Grounds Twiggy: Backport
Imagined a forest. It was a twig. Lesson: Don’t overthink. Think in primitives. Twiggy (PG Lab) revolves around a backport regression. A fix from a newer version was applied to an older codeb...
Trusted relay. Privilege carried. Lesson: trusted services can quietly carry privilege where it doesn’t belong. SUID Misconfiguration PlanetExpress (PG Lab) is an example of SUID (Set User ...
Restricted upload. Trust misplaced. Lesson: small upload decisions can quietly lead to SYSTEM. From Restricted File Upload to SYSTEM Access (PG Lab) began with a web-layer attack. A restrict...
SMB signing enabled. NTLM still leaked. Lesson: outbound authentication is often the real attack surface. SSRF via NTLMv2 Abuse Heist (PG Lab) demonstrates an SSRF (Server-Side Request Forgery...
Same exploit. Same payload. Worked on macOS. Failed on PC. Lesson: exploitation isn’t just about the vulnerability, it’s about how tools and environments interact with it. Exploited Without Me...
Delegation misconfigured. Authority inherited. Lesson: trust delegation can silently become full control. Delegation Misconfiguration Resourced (PG Lab) demonstrates a classic Active Direc...
Big kudos to fishlover7! Redditor fishlove7 put in serious work crafting the Ultimate CompTIA SY0-701 Security+ Study Guide. The fish’s real name? Christian Joseph Miranda as it is written in the...
Parrot OS unable to open Burpsuite You will probably see this when you try to open BurpSuite on Parrot OS. It seems that Parrot OS is currently limited to JDK 17. What we will do is downgrade BurpSui...
Taking OSCP course after all! I just started taking the Offensive Security Certified Professional course and it’s super strict. I cannot blog on most of the contents, questions, and answers from OSCP c...
This is the Advanced Text-Fu section from Linux Journey Regex (Regular expression) Regular expression is a tool that uses special notations as a universal language with almost any programming lan...