CTF writeups and research.
A focused space for exploitation notes, CTF debriefs, and practical security playbooks you can reuse.
Recent Writeups
Fresh notes from CTF events, labs, and post-exploitation practice.
My 10-Week HTB Sherlocks Blue Team Roadmap
A practical 10-week HTB Sherlocks roadmap for SOC, DFIR, Blue Team, Purple Team, malware triage, cloud IR, threat intel, and interview prep.
Filtered Reality
Full-chain CTF writeup for a WordPress and Puppeteer bot challenge involving nonce leakage, DOM clobbering, CSP nonce recovery, RCE, and SHA-256 length extension.
GCP Beginner Path
Phase 6 notes: Google Cloud Storage exposure, hidden file discovery, SSRF, Gopher bypasses, metadata service access, and GCP initial access.
Azure Beginner Path
Phase 5 notes: Azure Blob Storage exposure, Key Vault abuse, Storage Tables, Entra ID recon, AzureHound, BloodHound, Microsoft Graph, and M365 post-exploitation.
Curated Link Vault
Saved references, docs, and challenge resources.
Tag Navigation
Jump quickly by topic: web, cloud, pwn, rev, crypto.
CTF Timeline
Contest achievements, focus areas, and background.