/writeups

CTF and box write-ups — full attack chain methodology from reconnaissance to root.

// hackthebox — 2 boxes

[HTB]CCTV

EasyDefault creds on ZoneMinder → CVE-2024-51482 Boolean SQLi → credentials dumped → SSH → motionEye command injection → root✅

[HTB]WingData

EasyHackTheBox machine write-up✅

// tryhackme challenge boxes — 15 completed

[THM]Mr Robot CTF

MediumWeb fuzzing → WordPress reverse shell → credential reuse → Nmap SUID privesc → root✅

[THM]Kenobi

EasySamba enumeration → ProFTPD mod_copy → SSH key steal → SUID binary privesc → root✅

[THM]Blue

EasyEternalBlue MS17-010 → SYSTEM shell✅

[THM]RootMe

EasyWeb upload bypass → reverse shell → SUID privesc → root✅

[THM]Pickle Rick

EasyWeb enumeration → command injection → privilege escalation → root✅

[THM]Lian_Yu

EasySteganography → FTP creds → SSH → pkexec privesc → root✅

[THM]OhSINT

EasyOSINT challenge — EXIF data → social media → geolocation✅

[THM]OWASP Juice Shop

EasyWeb app exploitation — SQLi, XSS, broken access control✅

[THM]Basic Pentesting

EasyEnumeration → brute force → SSH → Linux privesc✅

[THM]Corridor

EasyIDOR vulnerability exploitation via hash manipulation✅

[THM]Neighbour

EasyIDOR — access control bypass via parameter manipulation✅

[THM]W1seGuy

EasyCrypto challenge — XOR key recovery → flag decryption✅

[THM]Compiled

EasyCompiled binary analysis challenge✅

[THM]Valenfind

MediumTryHackMe seasonal challenge room✅

[THM]Cupid's Matchmaker

EasyStored XSS → admin bot cookie theft → flag capture (Love At First Breach 2026)✅

// tryhackme learning paths — 90 documented walkthrough rooms · 15 challenge boxes highlighted · 127 rooms completed overall

Phase 1 — Foundation

33 roomsLinux/Windows fundamentals, networking, Nmap, Wireshark, Tcpdump, DNS, first CVEs

Phase 2 — Web Attacks

15 roomsHTTP, Burp Suite, SQLMap, XSS, IDOR, Auth Bypass, OWASP Top 10 2025

Phase 3 — Exploitation

8 roomsMetasploit trilogy, Meterpreter, John the Ripper, password attacks

Phase 5 — Active Directory

1 roomsAD Basics (head start)

Cryptography

3 roomsCrypto basics, public key, hashing

SOC / Blue Team

2 roomsJunior Security Analyst, SOC role

Advent of Cyber 2025

24 roomsIDOR, XSS, malware analysis, YARA, containers, AWS, forensics, C2 detection

Pre-Security & General

4 roomsComputer fundamentals, Vim, becoming a hacker

// advent of cyber 2025

[THM]Advent of Cyber 2025 — 24 rooms completed✅

Cross-topic coverage: IDOR, XSS, malware analysis, YARA rules, container security, AWS enumeration, registry forensics, C2 detection, race conditions, and more.