Archive
Writeups & research (44)
Technique and methodology walkthroughs from HackTheBox, CRTO, CTFs, and research labs. Filter by domain, search by keyword, or browse the latest below.
#001  Apr 19  AD Privilege Escalation Primitives: Kerberoasting, Shadow Credentials, RBCD, Injection, and BOFs
#002  Apr 18  Server-Side Web Pentest Playbook: Prototype Pollution, OAuth Flaws, SQLi-to-RCE, and SSRF
#003  Apr 17  The Userland EDR Bypass Stack: Unhooking, Syscalls, ETW/AMSI, and Kernel Callbacks
#004  Apr 17  Building a C2 Stack: Implants, BOF Loaders, Redirectors, and DoH Channels
#005  Apr 16  DCSync and DCShadow: Abusing Replication Rights for Credential Theft and Persistence
#006  Apr 14  Hardware Breakpoint Hooking: Bypassing Inline EDR Hooks Without Touching Memory
#007  Apr 11  JWT Algorithm Confusion: None, HS256/RS256 Mix-Ups, and KID Injection
#008  Apr 09  Beacon Object Files from Scratch: COFF Loading, Dynamic Resolution, and Battle-Tested Tradecraft
#009  Apr 07  Coerced Authentication Attacks: PetitPotam, PrinterBug, DFSCoerce, and the ADCS ESC8 Chain
#010  Mar 29  Sleep Obfuscation Deep Dive: Ekko, Zilean, and Foliage
#011  Mar 27  ADCS Abuse: ESC1 Through ESC8 Attack Paths
#012  Mar 25  Call Stack Spoofing: Defeating EDR Stack Telemetry
#013  Mar 23  Active Directory Attack Methodology: Initial Access to Domain Admin
#014  Mar 20  Designing a Modern C2 Implant: Architecture and OPSEC
#015  Mar 17  Active Directory ACL Abuse: Every Attack Path Explained
#016  Mar 12  Reflective DLL Injection: Theory & Practice
#017  Mar 10  .NET RAT Unpacking & C2 Protocol Extraction
#018  Mar 08  Android Runtime Hooking with Frida
#019  Mar 07  Bypassing Android Biometric Authentication via Frida
#020  Mar 05  NTLM Relay to LDAP: Domain Takeover
#021  Mar 05  Extracting Cobalt Strike Beacon Configuration
#022  Mar 02  Unpacking Malware: From UPX to Custom Crypters
#023  Feb 28  Anti-Analysis Techniques: How Malware Detects Your Sandbox
#024  Feb 25  Kerberos Delegation Attacks: Unconstrained, Constrained, RBCD
#025  Feb 25  Java Deserialization Attacks: From Gadget Chains to RCE
#026  Feb 22  Shellcode Analysis: Tips, Tricks & Common Patterns
#027  Feb 20  LLMNR/NBT-NS Poisoning with Responder
#028  Feb 18  Ret2Libc: Bypassing NX Protection
#029  Feb 18  NTLM Relay Attacks: A Comprehensive Guide
#030  Feb 15  Heap Exploitation 101: Tcache Poisoning on glibc 2.35
#031  Feb 15  Android APK Reverse Engineering: From APK to Source
#032  Feb 12  Stack Canary Bypass via Format String Vulnerability
#033  Feb 10  Intercepting Flutter App Traffic with Frida
#034  Feb 08  x64 ROP Chains: Systematic Gadget Hunting
#035  Feb 05  The Complete Guide to Android SSL Pinning Bypass
#036  Feb 01  Heap Feng Shui: Controlling Memory Layout for Exploitation
#037  Dec 10  My CRTO Exam Review: Cobalt Strike, Malleable Profiles, and Adversary Simulation
#038  Jun 04  Forged in Fortresses: My Complete HackTheBox CPTS Journey
#039  Jan 24  IIUC CyberCon 2022: CTF Challenge Solutions
#040  Nov 07  HackTheBox Watersnake Challenge: YAML Deserialization to RCE
#041  Apr 09  My eCPPTv2 Exam Review: Pivoting Through the Pain
#042  Dec 25  BlackHat MEA 2023 CTF Finals: Reverse Engineering Writeup
#043  Oct 30  BlueHens UDCTF 2023: Hardware & Reverse Engineering Writeups
#044  Dec 13  National Cyber Drill 2021: Reverse Engineering Challenges