Team - TryHackMe Writeup

Introduction This is another writeup for an easy THM machine titled Team. We will be using the PTES methodology when performing this machine as a whole penetration test. To see the professional r...

Apr 9, 2026 Vulnerabilities, WebExploitation

THM Startup - Full Attack Chain (FTP Misconfiguration to Root via PwnKit)

A complete walkthrough of the TryHackMe Startup machine, covering reconnaissance, exploitation via anonymous FTP upload, credential discovery through PCAP analysis, and privilege escalation using P...

Mar 30, 2026 Cybersecurity, Penetration Testing

Lab - Exploiting XSS to Steal Cookies

This writeup covers exploiting a stored XSS vulnerability to steal session cookies and impersonate users, part of the PortSwigger XSS lab series.

Mar 20, 2026 Vulnerabilities, WebExploitation

Preview Image

Zzz Challenge Writeup mojoJOJO CTF

A writeup for the web exploitation challenge named Zzz in MOJOJOJO CTF

Feb 9, 2026 Writeups, MOJOJOJO

Preview Image

Product Challenge Writeup mojoJOJO CTF

A writeup for the web exploitation challenge named products in MOJOJOJO CTF

Feb 9, 2026 Writeups, MOJOJOJO

From Swagger to Secrets- Exploiting an Exposed Heap Dump

A writeup for the solution of the head-dump challenge in PicoCTF.

Feb 5, 2026 Writeups, WebExploitation

Lab - Reflected XSS with some SVG markup allowed

This writeup delves into the 16th XSS lab in port swigger.

Feb 4, 2026 Vulnerabilities, WebExploitation

Lab - Reflected XSS into HTML context with all tags blocked except custom ones

This writeup delves into the 15th XSS lab in port swigger.

Jan 22, 2026 Vulnerabilities, WebExploitation

Stored DOM XSS

This writeup delves into the 13th XSS lab in port swigger.

Jan 20, 2026 Vulnerabilities, WebExploitation

Reflected XSS into HTML context with most tags and attributes blocked

This writeup delves into the 14th XSS lab in port swigger.

Jan 20, 2026 Vulnerabilities, WebExploitation