Blog
CTF writeups, research notes, and deep dives.
My 10-Week HTB Sherlocks Blue Team Roadmap
A practical 10-week HTB Sherlocks roadmap for SOC, DFIR, Blue Team, Purple Team, malware triage, cloud IR, threat intel, and interview prep.
Filtered Reality
Full-chain CTF writeup for a WordPress and Puppeteer bot challenge involving nonce leakage, DOM clobbering, CSP nonce recovery, RCE, and SHA-256 length extension.
GCP Beginner Path
Phase 6 notes: Google Cloud Storage exposure, hidden file discovery, SSRF, Gopher bypasses, metadata service access, and GCP initial access.
Azure Beginner Path
Phase 5 notes: Azure Blob Storage exposure, Key Vault abuse, Storage Tables, Entra ID recon, AzureHound, BloodHound, Microsoft Graph, and M365 post-exploitation.
AWS Detection + Blue Team
Phase 4 notes: AWS detection, CloudTrail analysis, Athena queries, Macie, Security Hub, Amazon Detective, and credential abuse response.
AWS Privilege Escalation + Service Abuse
Phase 3 notes: privilege escalation paths, trust-policy abuse, and service-level exploitation across S3, IAM, Cognito, SQS, and Lambda.
Web-to-Cloud Attack Chains
Phase 2 notes: chaining web vulnerabilities into AWS credential theft, secret discovery, and cloud resource compromise.
AWS Storage + IAM Foundation
Phase 1 notes: S3, IAM, account ID discovery, CloudTrail investigation, and exposure risks in EBS/RDS.
SIEM Analysis Using Splunk BOTS v1
SIEM analysis report converted from PDF to MDX format.
Windows Forensics & Event Log Analysis (HTB Sherlock: GhostTrace)
Windows forensics and event log analysis report converted from PDF to MDX.