Write-ups
Technical deep-dives, CTF walkthroughs, and research notes.
- 8 min read
HackTheBox — Titanic (Linux)
Exploiting a path traversal vulnerability in a ticket download endpoint to extract sensitive files, cracking Gitea database hashes, and escalating to root via an ImageMagick AppImage shared library hijack.
HTBPath TraversalLFIGiteaImageMagickLinuxRead - 10 min read
HackTheBox — The Frizz (Windows)
Exploiting CVE-2023-45878 in Gibbon LMS to upload a PHP shell, extracting salted hashes from MySQL, authenticating via Kerberos, and abusing GPO WriteGPLink permissions for domain admin.
HTBActive DirectoryKerberosGPO AbuseWindowsRead - 8 min read
HackTheBox — Dog (Linux)
Exploiting an exposed Git repository on a Backdrop CMS site to extract credentials, uploading a PHP shell via the admin module installer, and escalating to root through the bee CLI tool.
HTBBackdrop CMSGit DumperPHP ShellSudo AbuseLinuxRead - 8 min read
HackTheBox — Cypher (Linux)
Exploiting a Neo4j Cypher Injection through a custom APOC extension to gain RCE, then escalating privileges via bbot YARA rule abuse.
HTBCypher InjectionNeo4jPrivilege EscalationLinuxRead - 7 min read
HackTheBox — Code (Linux)
Exploiting a Python code editor with eval protections bypass to extract credentials from SQLite, then abusing a backup script with path traversal to read the root flag.
HTBPythonEval BypassPath TraversalLinuxRead - 12 min read
Binary Explorer: Agentic RAG over MCP for Vulnerability Analysis
How I designed Binary Explorer — an MCP-based agentic system that decompiles, indexes, and queries binary vulnerabilities using FAISS and Ghidra.
LLMRAGMCPGhidraFAISSPythonRead - 6 min read
CyberChallenge.IT — Lessons from a National CTF
Key takeaways from participating in CyberChallenge.IT: exploit patterns, mindset for binary exploitation, and things I'd do differently.
CTFBinary ExploitationSecurityRead