THM Startup - Full Attack Chain (FTP Misconfiguration to Root via PwnKit)

A complete walkthrough of the TryHackMe Startup machine, covering reconnaissance, exploitation via anonymous FTP upload, credential discovery through PCAP analysis, and privilege escalation using P...

Mar 30, 2026 Cybersecurity, Penetration Testing

Lab - Exploiting XSS to Steal Cookies

This writeup covers exploiting a stored XSS vulnerability to steal session cookies and impersonate users, part of the PortSwigger XSS lab series.

Mar 20, 2026 Vulnerabilities, WebExploitation

Zzz Challenge Writeup mojoJOJO CTF

A writeup for the web exploitation challenge named Zzz in MOJOJOJO CTF

Feb 9, 2026 Writeups, MOJOJOJO

Product Challenge Writeup mojoJOJO CTF

A writeup for the web exploitation challenge named products in MOJOJOJO CTF

Feb 9, 2026 Writeups, MOJOJOJO

From Swagger to Secrets- Exploiting an Exposed Heap Dump

A writeup for the solution of the head-dump challenge in PicoCTF.

Feb 5, 2026 Writeups, WebExploitation

Lab - Reflected XSS with some SVG markup allowed

This writeup delves into the 16th XSS lab in port swigger.

Feb 4, 2026 Vulnerabilities, WebExploitation

Lab - Reflected XSS into HTML context with all tags blocked except custom ones

This writeup delves into the 15th XSS lab in port swigger.

Jan 22, 2026 Vulnerabilities, WebExploitation

Stored DOM XSS

This writeup delves into the 13th XSS lab in port swigger.

Jan 20, 2026 Vulnerabilities, WebExploitation

Reflected XSS into HTML context with most tags and attributes blocked

This writeup delves into the 14th XSS lab in port swigger.