Posts

Writeups and notes on offensive security — CTF challenges, HackTheBox machines, CVE reproductions, bug bounty findings, and red-team research.

2026

DLL Hijack/Proxying/Side-loading... All in one
·16 mins
Research DLL hijacking DLL proxying DLL side-loading COM hijacking KeePassXC Windows red team
[Reproduce] CVE-2024-48510 - DotNetZip: Path Traversal
·5 mins
CVE CVE-2024-48510 DotNetZip path traversal Zip Slip RCE .NET
HTB Linux Insane: Sorcery
·35 mins
Machine/Room HackTheBox Linux Cypher injection Neo4j privilege escalation LDAP strace Kafka

2025

HTB Windows Medium: Signed
·6 mins
Machine/Room HackTheBox Windows privilege escalation penetration testing
[Reproduce] CVE-2025-49144 - Notepad++: Uncontrolled Executable Search Order
·4 mins
CVE CVE-2025-49144 Notepad++ local privilege escalation binary planting Windows
Coursera: logic bug in certificate validation
·3 mins
Bug Bounty bug bounty business logic vulnerability Coursera broken access control