Search
WriteupContinue Y/N — Cyber Maze Challenge V25
Multi-step exploitation chain: LFR → JWT forgery → SSRF → SQLi → RCE
WriteupHow I Conquered the HTB CWES Exam in 3 Weeks
From Active Directory to bug bounties — my CWES certification journey
WriteupSheSecured CTF — Access Denied
SSRF bypass using redirect rebinding to access internal endpoints
WriteupSheSecured CTF — Fama Mino?
SQL injection, LFI, and PHP filter chain to gain RCE
WriteupSheSecured CTF — Injection
Simple command injection in a ping utility
WriteupRamadan's Spark CTF 2025 — Secure BankSys
SQL injection on a banking application
WriteupRamadan's Spark CTF 2025 — Shadow Graph
GraphQL introspection to leak secrets
WriteupRamadan's Spark CTF 2025 — Shadow Graph 2
SSRF to GraphQL SQL injection
WriteupRamadan's Spark CTF 2025 — Struts
Apache Struts CVE-2017-5638 RCE via Content-Type header
WriteupRamadan's Spark CTF 2025 — WhatIsXSS
Stored XSS with JS deobfuscation
CheatsheetLFI & File Inclusion Cheatsheet
Local File Inclusion, bypasses, RFI, log poisoning, and RCE techniques
CheatsheetSQL Injection Cheatsheet
Complete SQL injection reference — detection, enumeration, UNION injection, file read/write
CheatsheetXSS — Cross-Site Scripting Cheatsheet
Types of XSS, payloads, tools, and detection techniques
CertificationCPTS — HTB Certified Penetration Testing Specialist
Intermediate-level hands-on penetration testing certification assessing real-world skills — spotting security issues, chaining vulnerabilities, and delivering commercial-grade remediation reports.
CertificationCWES — Certified Web Exploitation Specialist
Advanced web exploitation certification covering real-world attack chains, from recon to RCE.
CertificationCRTP — Certified Red Team Professional
Red team certification focused on Active Directory attack techniques and defense bypass.