Jekyll 2026-05-09T14:10:38+00:00 https://robinx0.github.io/feed.xml Offensive Security Research · Red Team Ops · Writeups Irfanul Montasir 2026-04-19T00:00:00+00:00 2026-04-19T00:00:00+00:00 https://robinx0.github.io/blogs/red-team-ops/ad-escalation-primitives/ Irfanul Montasir

The operator's toolkit for moving from domain user to domain admin - Kerberoasting → Golden Ticket, Shadow Credentials via msDS-KeyCredentialLink, RBCD via GenericWrite, modern process injection, and Beacon Object Files that tie it all together. Theory, tradecraft, and OPSEC for each primitive.

2026-04-18T00:00:00+00:00 2026-04-18T00:00:00+00:00 https://robinx0.github.io/blogs/web-exploitation/server-side-web-pentest-playbook/ Irfanul Montasir

Four of the highest-impact server-side web vulnerability classes, chained to full compromise. Prototype pollution → RCE via child_process gadgets, OAuth misconfig → account takeover, MSSQL SQLi → SYSTEM via xp_cmdshell + PrintSpoofer, and SSRF → AWS IAM credential theft. Theory, exploitation, and hardening for each.

2026-04-17T00:00:00+00:00 2026-04-17T00:00:00+00:00 https://robinx0.github.io/blogs/edr-bypass/userland-edr-bypass-stack/ Irfanul Montasir

A comprehensive guide to the layered techniques that make up modern userland EDR evasion - restoring clean ntdll, dynamic syscall resolution via Hell's/Halo's/Tartarus' Gate, indirect syscalls, AMSI/ETW patching, and optional kernel callback removal. Theory, working code, OPSEC, and detection for each layer.

2026-04-17T00:00:00+00:00 2026-04-17T00:00:00+00:00 https://robinx0.github.io/blogs/c2-development/c2-stack-build-guide/ Irfanul Montasir

A practical end-to-end guide to building command-and-control infrastructure - a minimal Rust implant, a COFF-parsing BOF loader, resilient redirector chains, and a DNS-over-HTTPS covert channel. How each layer fits together and where OPSEC attention actually pays off.

2026-04-16T00:00:00+00:00 2026-04-16T00:00:00+00:00 https://robinx0.github.io/blogs/red-team-ops/dcsync-dcshadow-operations/ Irfanul Montasir

A complete operator guide to DCSync and DCShadow - the replication APIs MS-DRSR opens up, how to abuse them for NTDS extraction and stealth object modification, and what actually shows up in the 4662 event log.

2026-04-14T00:00:00+00:00 2026-04-14T00:00:00+00:00 https://robinx0.github.io/blogs/edr-bypass/hardware-breakpoint-hooking/ Irfanul Montasir

A practical C++ guide to using x86-64 debug registers (DR0-DR7) for user-mode API hooking - how EDRs are blind to hardware breakpoints, when HWBPs beat patching, and how to build a minimal HWBP engine.

2026-04-11T00:00:00+00:00 2026-04-11T00:00:00+00:00 https://robinx0.github.io/blogs/web-exploitation/jwt-algorithm-confusion/ Irfanul Montasir

A hands-on tour of the JWT attack surface - from the classic alg:none to public-key-as-HMAC-secret confusion, KID path traversal and SQLi, JWK header injection, and weak HS256 secret cracking. With jwt_tool payloads and real exploitation paths.

2026-04-09T00:00:00+00:00 2026-04-09T00:00:00+00:00 https://robinx0.github.io/blogs/c2-development/beacon-object-files-guide/ Irfanul Montasir

A deep guide to writing Beacon Object Files - from understanding the COFF format and Cobalt Strike's BOF runtime to building a production-grade token-duplication BOF with BeaconPrintf, dynamic function resolution, and thread-safe cleanup.

2026-04-07T00:00:00+00:00 2026-04-07T00:00:00+00:00 https://robinx0.github.io/blogs/network-security/coerced-authentication-attacks/ Irfanul Montasir

A practical guide to authentication coercion in Active Directory - the four RPC primitives that force a remote host to authenticate to you, how to chain them with NTLM relay to ADCS, and why patched doesn't always mean fixed.

2026-03-29T00:00:00+00:00 2026-03-29T00:00:00+00:00 https://robinx0.github.io/blogs/edr-bypass/sleep-obfuscation-techniques/ Irfanul Montasir

Advanced sleep obfuscation techniques that encrypt implant memory during sleep cycles to evade EDR memory scanning - covering Ekko, Zilean, Foliage, and custom implementations.

2026-03-27T00:00:00+00:00 2026-03-27T00:00:00+00:00 https://robinx0.github.io/blogs/network-security/adcs-abuse/ Irfanul Montasir

Comprehensive guide to Active Directory Certificate Services misconfigurations - from ESC1 template abuse to NTLM relay on HTTP enrollment. Covers PKINIT internals, the full ESC1-ESC11 catalogue, exploitation tooling, and audit/remediation strategy.

2026-03-25T00:00:00+00:00 2026-03-25T00:00:00+00:00 https://robinx0.github.io/blogs/edr-bypass/stack-spoofing-techniques/ Irfanul Montasir

Advanced techniques for spoofing thread call stacks to evade EDR behavioral detection - covering return address spoofing, synthetic frames, and thread stack manipulation.

2026-03-23T00:00:00+00:00 2026-03-23T00:00:00+00:00 https://robinx0.github.io/blogs/red-team-ops/full-ad-attack-methodology/ Irfanul Montasir

A complete red team playbook for Active Directory environments - from initial foothold through lateral movement, privilege escalation, and domain dominance with practical tool usage.

2026-03-20T00:00:00+00:00 2026-03-20T00:00:00+00:00 https://robinx0.github.io/blogs/c2-development/implant-architecture-guide/ Irfanul Montasir

A comprehensive guide to C2 implant architecture - covering communication protocols, execution models, sleep patterns, anti-forensics, and operational security considerations.

2026-03-17T00:00:00+00:00 2026-03-17T00:00:00+00:00 https://robinx0.github.io/blogs/red-team-ops/ad-acl-abuse-complete-guide/ Irfanul Montasir

Comprehensive guide to exploiting Active Directory Access Control List misconfigurations - GenericAll, GenericWrite, WriteDacl, WriteOwner, ForceChangePassword, and dangerous extended rights.

2026-03-12T00:00:00+00:00 2026-03-12T00:00:00+00:00 https://robinx0.github.io/blogs/malware-analysis/reflective-dll/ Irfanul Montasir

Understanding reflective DLL loading - manually mapping a PE in memory without disk or LoadLibrary, with a complete walkthrough of the bootstrap, header parsing, section mapping, relocation fixups, import resolution, and modern OPSEC improvements.

2026-03-10T00:00:00+00:00 2026-03-10T00:00:00+00:00 https://robinx0.github.io/blogs/malware-analysis/dotnet-rat-unpacking/ Irfanul Montasir

Static and dynamic analysis of an obfuscated .NET RAT - deobfuscation, behavioral analysis, and YARA signatures. Covers ConfuserEx unpacking, dnSpy/dnSpyEx workflow, anti-analysis defeat, custom protocol reverse-engineering, and detection authoring.

2026-03-08T00:00:00+00:00 2026-03-08T00:00:00+00:00 https://robinx0.github.io/blogs/mobile-security/frida-android-hooking/ Irfanul Montasir

Using Frida to bypass SSL pinning, defeat root detection, intercept crypto operations, and hook JNI native functions - complete coverage of Java-side and native-side instrumentation, the universal hook patterns, and modern anti-Frida defeat techniques.

2026-03-07T00:00:00+00:00 2026-03-07T00:00:00+00:00 https://robinx0.github.io/blogs/mobile-security/android-biometric-bypass/ Irfanul Montasir

Hooking BiometricPrompt callbacks and CryptoObject to bypass fingerprint/face authentication in Android banking apps - covering the full BiometricPrompt API, KeyStore-backed gating, hardware-backed strong biometrics, and a practical Frida bypass chain.

2026-03-05T00:00:00+00:00 2026-03-05T00:00:00+00:00 https://robinx0.github.io/blogs/network-security/ntlm-relay-ldap/ Irfanul Montasir

Using PetitPotam to coerce DC authentication and relay to LDAP for domain compromise via RBCD - full coverage of the LDAP-signing prerequisite, ntlmrelayx tooling, the post-relay RBCD chain, and the modern detection/mitigation landscape.

2026-03-05T00:00:00+00:00 2026-03-05T00:00:00+00:00 https://robinx0.github.io/blogs/malware-analysis/cobalt-strike-beacon-analysis/ Irfanul Montasir

Static and dynamic techniques for identifying Cobalt Strike beacons, extracting C2 configs, and generating detection signatures - covering the configuration block format, parser internals, malleable C2 fingerprinting, and YARA strategy.

2026-03-02T00:00:00+00:00 2026-03-02T00:00:00+00:00 https://robinx0.github.io/blogs/malware-analysis/unpacking-packed-malware/ Irfanul Montasir

A systematic approach to identifying and unpacking packed malware - covering UPX, Themida, custom packers, and manual unpacking techniques with x64dbg.

2026-02-28T00:00:00+00:00 2026-02-28T00:00:00+00:00 https://robinx0.github.io/blogs/malware-analysis/anti-analysis-techniques/ Irfanul Montasir

Comprehensive catalog of VM detection, sandbox evasion, debugger detection, and timing-based anti-analysis techniques - with concrete code, the rationale behind each check, and counter-measures for analysts hardening their lab.

2026-02-25T00:00:00+00:00 2026-02-25T00:00:00+00:00 https://robinx0.github.io/blogs/network-security/kerberos-delegation-attacks/ Irfanul Montasir

Understanding and exploiting all three Kerberos delegation types for lateral movement and privilege escalation in Active Directory - full coverage of the S4U2Self / S4U2Proxy protocol, coercion primitives, RBCD via GenericWrite, and the post-ms16-014 mitigation landscape.

2026-02-25T00:00:00+00:00 2026-02-25T00:00:00+00:00 https://robinx0.github.io/blogs/web-exploitation/java-deserialization-rce/ Irfanul Montasir

Understanding and exploiting Java deserialization vulnerabilities - identifying vulnerable endpoints, building gadget chains with ysoserial, and exploiting real-world applications.

2026-02-22T00:00:00+00:00 2026-02-22T00:00:00+00:00 https://robinx0.github.io/blogs/malware-analysis/shellcode-analysis/ Irfanul Montasir

A practical guide to analyzing shellcode - identifying encoders, emulation, and recognizing common patterns. Covers triage, PEB walking, hash-based API resolution, scdbg/SpeakEasy emulation, and family-level pattern recognition.

2026-02-20T00:00:00+00:00 2026-02-20T00:00:00+00:00 https://robinx0.github.io/blogs/network-security/responder-poisoning/ Irfanul Montasir

Capturing NTLMv2 hashes on enterprise networks by poisoning LLMNR, NBT-NS, and MDNS multicast name resolution - the protocol details, Responder configuration, hash format walk-through, cracking strategy, and SMB-signing-aware relay alternatives.

2026-02-18T00:00:00+00:00 2026-02-18T00:00:00+00:00 https://robinx0.github.io/blogs/binary-exploitation/ret2libc/ Irfanul Montasir

Exploiting a stack buffer overflow with NX enabled using GOT leaking and return-to-libc - a complete two-stage exploit covering libc identification, ASLR defeat via PLT/GOT leak, calling-convention setup, and reliable shell.

2026-02-18T00:00:00+00:00 2026-02-18T00:00:00+00:00 https://robinx0.github.io/blogs/network-security/ntlm-relay-comprehensive/ Irfanul Montasir

Everything about NTLM relay - from theory to exploitation. Covering relay to SMB, LDAP, MSSQL, ADCS HTTP, and SCCM with practical tooling and real-world attack chains.

2026-02-15T00:00:00+00:00 2026-02-15T00:00:00+00:00 https://robinx0.github.io/blogs/binary-exploitation/heap-tcache-poisoning/ Irfanul Montasir

Understanding tcache internals and poisoning the freelist for arbitrary write on modern glibc - covering safe-linking, heap and libc leaks, and a complete exploit walk-through against a use-after-free.

2026-02-15T00:00:00+00:00 2026-02-15T00:00:00+00:00 https://robinx0.github.io/blogs/mobile-security/apk-reverse-engineering/ Irfanul Montasir

Complete guide to decompiling, analyzing, and patching Android applications using jadx, apktool, and smali - covering APK structure, native libraries, manifest analysis, common security flaws, and the full patch-rebuild-resign workflow.

2026-02-12T00:00:00+00:00 2026-02-12T00:00:00+00:00 https://robinx0.github.io/blogs/binary-exploitation/format-string-canary-bypass/ Irfanul Montasir

Using format string bugs to leak stack canaries, then exploiting the buffer overflow with the leaked value - covering canary internals, format-string read primitives, offset discovery, and the full chained exploit.

2026-02-10T00:00:00+00:00 2026-02-10T00:00:00+00:00 https://robinx0.github.io/blogs/mobile-security/flutter-traffic-interception/ Irfanul Montasir

Bypassing Flutter's custom TLS stack to intercept HTTPS traffic that ignores system proxy settings and certificate stores - a deep look at why Flutter is harder than native, plus reFlutter, Frida, and iptables-based interception strategies.

2026-02-08T00:00:00+00:00 2026-02-08T00:00:00+00:00 https://robinx0.github.io/blogs/binary-exploitation/rop-x64-gadget-hunting/ Irfanul Montasir

Building ROP chains on x64 Linux - finding gadgets with ropper, handling calling conventions, chaining syscalls, dealing with bad characters, stack alignment, and a complete worked example.

2026-02-05T00:00:00+00:00 2026-02-05T00:00:00+00:00 https://robinx0.github.io/blogs/mobile-security/complete-ssl-pinning-bypass/ Irfanul Montasir

Every technique for bypassing SSL certificate pinning on Android - from network_security_config to OkHttp, TrustManager, Flutter, React Native, Xamarin, and native C++ implementations.

2026-02-01T00:00:00+00:00 2026-02-01T00:00:00+00:00 https://robinx0.github.io/blogs/binary-exploitation/heap-feng-shui-exploitation/ Irfanul Montasir

Advanced heap exploitation techniques - understanding allocator internals, shaping heap layout, and achieving reliable exploitation through careful allocation patterns on glibc and Windows.

2025-12-10T00:00:00+00:00 2025-12-10T00:00:00+00:00 https://robinx0.github.io/blogs/cert-reviews/crto-review/ Irfanul Montasir

Honest review of Zero-Point Security's Certified Red Team Operator certification - the course content, malleable C2 profile development, AV evasion techniques, and the lateral-movement wall I hit on the exam.

2025-06-04T00:00:00+00:00 2025-06-04T00:00:00+00:00 https://robinx0.github.io/blogs/cert-reviews/cpts-journey/ Irfanul Montasir

A deep dive into my preparation, strategy, and lessons learned earning the HackTheBox Certified Penetration Testing Specialist certification - the most challenging hands-on exam I've attempted.

2025-01-24T00:00:00+00:00 2025-01-24T00:00:00+00:00 https://robinx0.github.io/blogs/ctf-writeups/iiuc-cybercon-2022/ Irfanul Montasir

Solutions for challenges from the IIUC CyberCon 2022 CTF organized by IIUC Cyber Analyst Team (CyberWiz) - covering web exploitation, forensics with Volatility, classic crypto on small-exponent RSA, and the broader event experience.

2024-11-07T00:00:00+00:00 2024-11-07T00:00:00+00:00 https://robinx0.github.io/blogs/ctf-writeups/htb-watersnake-writeup/ Irfanul Montasir

Complete walkthrough of the HackTheBox Watersnake challenge - exploiting a YAML deserialization vulnerability in a water tank monitoring dashboard's firmware update feature.

2024-04-09T00:00:00+00:00 2024-04-09T00:00:00+00:00 https://robinx0.github.io/blogs/cert-reviews/ecpptv2-review/ Irfanul Montasir

Comprehensive review of the INE Security eCPPTv2 certification exam - preparation approach, pivoting challenges, buffer overflow section, report writing, and honest tips for passing.

2023-12-25T00:00:00+00:00 2023-12-25T00:00:00+00:00 https://robinx0.github.io/blogs/ctf-writeups/blackhat-mea-2023-reverse/ Irfanul Montasir

Detailed writeup of the Ground Hog Day reverse engineering challenge from the BlackHat MEA 2023 CTF final round in Riyadh - binary analysis, function recovery, and flag extraction.

2023-10-30T00:00:00+00:00 2023-10-30T00:00:00+00:00 https://robinx0.github.io/blogs/ctf-writeups/bluehens-udctf-2023-hardware-reverse/ Irfanul Montasir

Solutions for the Locked Circuit hardware challenge and ElectroNes reverse engineering challenge from the BlueHens UDCTF 2023 competition.

2021-12-13T00:00:00+00:00 2021-12-13T00:00:00+00:00 https://robinx0.github.io/blogs/ctf-writeups/national-cyberdrill-2021-reverse/ Irfanul Montasir

Detailed writeups for the reverse engineering challenges from Bangladesh's National Cyber Drill 2021 organized by BGD e-GOV CIRT - binary analysis, GDB debugging, and flag extraction.