~/study - Cyber Deep Dives
68 posts
Comprehensive technical breakdowns of security concepts, vulnerabilities, and exploitation techniques. Each post is a complete guide from basics to advanced exploitation.
Advanced Blind SSRF Exploitation: Multi-Stage OOB, Rate-Limit Bypass & Automation
Learn how to chain blind SSRF requests for multi-stage out-of-band attacks, defeat rate-limiting controls, and build automated frameworks that scale. Real-world examples, code snippets, and mitigation strategies are covered for security professionals.
Mastering CL.TE Desync: Content-Length vs Transfer-Encoding Exploitation
Learn how CL.TE HTTP request smuggling works, craft malicious payloads, detect vulnerable servers, and apply robust mitigations. Includes theory, hands-on labs, tools, and real-world case studies.
Active DNS Enumeration: dig, nslookup, host, fierce & dnsrecon
Learn how to harvest DNS data using dig, nslookup, host, fierce, and dnsrecon. The guide covers record types, scripting, wildcard detection, AXFR attempts, automation with bash/jq, and how to turn raw results into actionable intelligence.
Intro to Google Dorking: Mastering Basic Search Operators
Learn how Google's advanced search operators work, how to craft precise dorks, and how to automate and protect against information leakage using practical examples and scripts.
Unconstrained Delegation Abuse: Exploiting Mis-configured SPNs
Learn how to locate SPNs with unconstrained delegation, request and forge Kerberos tickets using PowerView and Rubeus, and pivot to high-privilege accounts. Includes detection, mitigation, and hands-on labs.
WebSocket Tunneling for C2: Introductory Study Guide
Learn how WebSocket connections can be abused for command and control, from handshake fundamentals to building a minimal C2 server and evasion techniques. This guide offers practical code, detection tips, and real-world context for security professionals.
Reflected XSS Exploitation Basics - From Discovery to Data Extraction
Learn how to locate injectable vectors, craft reliable payloads, bypass trivial filters, verify execution with devtools, and harvest data via document.cookie and DOM manipulation in reflected XSS attacks.
Introspection Abuse: Harvesting the Full GraphQL Schema
Learn how to extract a complete GraphQL schema via introspection, automate collection, analyze for attack vectors, and combine with injection or auth-bypass techniques.
CSP Bypass Techniques: JSONP, Unsafe Inline, Wildcards, and Nonce Reuse
Learn how attackers subvert Content Security Policy using JSONP endpoints, unsafe-inline allowances, wildcard sources, and nonce reuse, and discover practical defenses and mitigation strategies.
Signing Malicious Drivers with Stolen Certificates - Intermediate Guide
Learn how Stuxnet harvested authentic Authenticode certificates, analyze them with certutil/OpenSSL, sign malicious drivers, bypass Windows enforcement, and detect signed driver abuse. Practical examples and defensive guidance included.
Stuxnet Architecture & Attack Surface - Introductory Study Guide
Learn Stuxnet's historical backdrop, threat model, high-level architecture, targeted protocols, and design goals. Ideal for professionals with Windows malware and PLC basics.
Stuxnet Architecture and Attack Goals - Introductory Study Guide
Learn the high-level architecture of Stuxnet, its strategic sabotage objectives, key component interactions, and the multi-stage infection chain. Perfect for analysts familiar with Windows internals and PLC basics.
SSRF Fundamentals: Mapping the Attack Surface and Assessing Risk
Learn what Server-Side Request Forgery (SSRF) is, why it matters, and how to enumerate internal services, cloud metadata, and vulnerable parameters. Includes hands-on examples, mitigation tactics, and real-world CVE references.
Error-Based SQL Injection - From Theory to Automated Exploitation
Learn how error-based SQLi leaks data via DB error messages, craft reliable payloads, automate extraction with sqlmap, and defend your applications with robust mitigations.
Advanced HTTP/2 Stream Multiplexing Abuse: Multi-Request Exploitation for Privilege Escalation
Learn how attackers embed, interleave, and prioritize multiple HTTP/2 requests within a single stream to bypass defenses, exfiltrate data, and chain backend calls for privilege escalation.
Introductory Guide to HTTP/2 Request Smuggling
Learn the fundamentals of HTTP/2 request smuggling, from frame anatomy and HPACK abuse to practical crafting with h2c/curl, multiplexing tricks, detection, and mitigation.
Web Cache Deception Lab: Nginx + Cloudflare
Learn how cache deception works, craft deceptive URLs, configure Nginx, and test against Cloudflare. The guide covers cache key logic, path-confusion tricks, and detection methods for security professionals.
GraphQL Injection Fundamentals: Advanced Techniques and Mitigations
GraphQL Injection Fundamentals
Intro to Sudo Configuration & Enumeration: Basics Every Pentester Should Know
Understanding Sudo Configuration and Enumeration (Intro)
Understanding the CL.TE Desync Attack: Content-Length vs Transfer-Encoding Mismatch
Learn how CL.TE desynchronization works, craft malicious requests, test them with common tools, and identify vulnerable Apache/Nginx versions. Includes defenses, real-world impact, and hands-on labs.
Out-of-Band SQL Injection: DNS & HTTP Exfiltration Techniques
Learn how OOB SQLi leverages DNS and HTTP channels to steal data, automate payloads with sqlmap, detect traffic, and apply robust mitigations.
Exploiting Shopping Cart Race Conditions for Price Manipulation
Learn how to locate, analyze, and exploit TOCTOU race conditions in e-commerce shopping-cart APIs to alter product prices. The guide covers timing measurement, concurrent request generation, CSRF bypass, verification, and mitigation strategies.
XXE Injection Fundamentals: Entities, DTDs, and Parser Behaviors
Learn the core mechanics behind XML External Entity (XXE) attacks - from entity types and DTD syntax to how popular parsers resolve external entities. Includes hands-on payloads, testing tips, and mitigation best practices.
Django Template Engine SSTI to RCE via __import__ (Intermediate)
Learn how to weaponise Django's template engine to achieve remote code execution using the __import__ trick. The guide walks through rendering flow, auto-escaping bypasses, OS command execution and post-exploitation tactics.
Advanced SSTI: Deserialization Gadget Chains for RCE
Learn how deserialization gadget chains can be leveraged through Server-Side Template Injection to achieve remote code execution, generate Java and Python payloads, bypass sandbox filters, and maintain post-exploitation footholds.
Log Poisoning via LFI to Remote Code Execution: Techniques & Defenses
Learn how attackers turn writable web server logs into a weapon, inject PHP payloads through HTTP headers, bypass LFI filters, and achieve remote code execution. Includes detection, mitigation, and hands-on labs.
Advanced Guide to Crafting and Leveraging Golden Tickets with Mimikatz
Deep dive into creating, abusing, and persisting Golden Tickets. Learn extraction of the krbtgt hash, ticket forgery, injection, detection evasion, and post-exploitation use cases.
Escaping a Kubernetes Pod via Host PID Namespace
Learn how hostPID can be abused to break out of a pod, gain root on the host, and establish a persistent reverse shell. Includes enumeration, malicious pod specs, nsenter tricks, and mitigation.
Intermediate Guide to DNS Tunneling with Iodine
Learn how to install Iodine, configure BIND for DNS tunneling, encode traffic, obtain an interactive shell, evade defenses, and troubleshoot common issues.
Reflective DLL Injection with PowerShell & C# - In-Depth Guide
Learn how to craft, load, and stealthily execute reflective DLLs using PowerShell one-liners and C# in-memory techniques, bypass defenses, handle ASLR/DEP, and clean up traces.
Pass-the-Hash Fundamentals: Concept, Threat Model & Mitigation
Learn how NTLM challenge/response works, why hashes can be reused for authentication, and how attackers leverage Pass-the-Hash for lateral movement. Includes detection tips, practical examples, and mitigation strategies.
Docker Socket Abuse: Gaining Host Access via /var/run/docker.sock
Learn how attackers exploit the Docker daemon socket to run privileged containers, mount the host filesystem, and obtain a root shell on the host. The guide covers enumeration, malicious API calls, container breakout techniques, and robust mitigations.
Mastering Google Advanced Search Operators for OSINT
Learn how to wield Google's powerful search operators (site:, inurl:, intitle:, intext:, filetype:, cache:, link:, related:, range:, before:, after:) to locate hidden assets, sensitive files, and misconfigurations. The guide covers combination techniques, quirks, automation, and defensive measures for security professionals.
API Endpoint Enumeration: From Discovery to Exploitation with Kiterunner, API-Guesser, Arjun & FuzzAPI
Learn how to systematically discover, enumerate, and fuzz API endpoints using DNS tricks, Swagger specs, GraphQL introspection, and automated tools like Kiterunner, API-Guesser, Arjun, and FuzzAPI. Includes practical code, defense tips, and real-world scenarios.
Cross-Site WebSocket Hijacking (CSWSH) - Exploitation Methodology
Learn how CSWSH works, how attackers force privileged WebSocket connections, bypass token checks, and how to defend against it with proper Origin validation, CSRF tokens, SameSite cookies, and CSP.
Intermediate Guide to Enumerating Amazon S3 Buckets
Learn practical techniques for discovering S3 buckets using AWS CLI, DNS tricks, open-source scanners, wordlist brute-forcing, and HTTP status analysis. Gain actionable insights to assess exposure and harden defenses.
Advanced Subdomain Takeover Exploitation and Persistence Guide
Learn how to discover, exploit, and maintain footholds on vulnerable subdomains across AWS, Azure, and GCP. The guide covers fingerprinting, payload crafting, automation, persistence, C2, and evasion techniques for seasoned offensive security professionals.
Finding Vulnerable Drivers on Windows Systems - A Practical Guide
Learn how to enumerate, analyze, and locate vulnerable Windows kernel drivers using built-in utilities, Sysinternals tools, and automated scripts. The guide covers metadata extraction, hash correlation with CVE sources, and defensive best practices.
Polyglot Files 101: Build a JPEG-PHP Hybrid for File-Upload Bypass
Learn how polyglot files work, explore JPEG internals, and craft a minimal JPEG+PHP file that executes on a vulnerable server. The guide covers signatures, embedding PHP in comments, verification, and bypassing basic content-type defenses.
Broken Logout Mechanisms: Logout CSRF & Token Reuse
Learn how missing CSRF protection on logout endpoints, token reuse, and double-submit cookie flaws enable attackers to force logouts, hijack sessions, and achieve full session fixation.
Scope & Rules of Engagement: From Bug Bounty to Enterprise Pentest
Learn how to define scope boundaries, craft ROE documents, secure legal authorizations, classify assets, manage communications, and handle scope changes for bug bounty programs and enterprise penetration tests.
Exploiting Broken Object Level Authorization (BOLA) in API-First Applications
Learn how BOLA weaknesses let attackers enumerate, access, and exfiltrate data from API-first services. The guide covers identifier theory, enumeration tactics, payload crafting, bypassing defenses, and chaining with other flaws for privilege escalation.
Direct System Prompt Override: DAN, Role Reversal & Exploitation Techniques
Learn how to hijack LLM system prompts using classic jailbreaks (DAN, Zero-Shot ReACT), role-reversal tricks, multi-stage chaining, and open-source model exploits, then walk through a lab that achieves arbitrary code execution via an LLM-driven tool.
Advanced Process Hollowing (RunPE) - Evasion Techniques & Real-World Exploit Walkthrough
Deep dive into creating a suspended process, unmapping its image, planting a malicious PE, manipulating thread context, and stealth tricks used by Cobalt Strike and custom malware. Includes post-exploitation C2 set-up.
Dirty COW (CVE-2016-5195) Exploitation Walkthrough
Mastering SUID/GUID Binary Abuse for Linux Privilege Escalation
Learn how to locate, analyze, and exploit SUID/GUID binaries on Linux systems. This guide covers discovery, known vulnerable binaries, custom payload crafting, library hijacking, and defensive hardening.
Fileless PowerShell Reverse Shells via WMI & AMSI Bypass - Advanced Guide
Fileless PowerShell Reverse Shells via WMI and AMSI Bypass - An Advanced Guide
Intro to Heap Memory Layout & Allocation Strategies
Learn the fundamentals of Linux heap organization, ptmalloc2 internals, chunk metadata, and common allocation patterns. Ideal for security pros building a solid base for heap exploitation.
Union-based SQL Injection: Enumeration, Exploitation, and Defense
Learn how to identify, enumerate, and exploit UNION-based SQL injection vulnerabilities, craft payloads, use sqlmap, and apply robust mitigations.
Exporting Plaintext Passwords from LSASS via sekurlsa::logonpasswords
Exporting Plaintext Passwords from LSASS using sekurlsa::logonpasswords
Mastering GTFOBins: Elevating Privileges & Crafting Reverse Shells on Linux
GTFOBins: abusing common Linux binaries for privilege escalation and reverse shells
Getting Started with THC Hydra: Installation, Modules, and Basic Usage
Learn how to install THC Hydra across platforms, master its command syntax, select and tune modules, craft optimal password lists, run and interpret credential tests, and troubleshoot common issues. This intro-level guide equips security professionals with practical, actionable knowledge.
Wireshark Fundamentals for Offensive Recon: Capture & Filter Traffic
Wireshark Basics: Capturing and Filtering Traffic for Offensive Recon
Getting Started with Metasploit Exploit Modules: Architecture, Creation, and Testing
Learn the inner workings of Metasploit's exploit modules, how to build a simple module from scratch, configure its metadata and options, and validate it using msfconsole. Ideal for professionals with basic Linux and exploitation knowledge.
Exploiting Unrestricted File Upload: PHP Web Shell Delivery
Learn how to locate vulnerable upload endpoints, craft stealthy PHP web shells, bypass common filters, and achieve persistent remote access using real-world tools and techniques.
Advanced Bypass Techniques for Command Injection Filters
Learn how to evade common command-injection filters using whitespace tricks, null-byte termination, encoding tricks, base64 payloads, command chaining, obfuscation, alternate interpreters, and automated testing with Burp Suite.
Intro to Stack Buffer Overflows: From Memory Layout to Exploit
Learn how stack memory is organized, spot vulnerable buffers, calculate precise offsets, craft tiny shellcode, inject it, and hijack control flow on Linux. This guide gives you hands-on examples, tooling tips, and mitigation strategies.
Detecting Blind Command Injection with Time-Based Payloads
Blind Command Injection: Detection via Time-Based Payloads
Command Injection Exploits with cURL & Netcat - Reverse Shell Guide
Learn how to weaponize OS command injection using cURL and Netcat to obtain reverse shells. The guide covers payload crafting for sh/bash/cmd, injection techniques, listener setup, filter bypasses, and reliability considerations.
Kerberoasting Deep Dive: Ticket Harvesting & Offline Cracking
Learn how Kerberoasting works, from Kerberos ticket flow to extracting TGS tickets, converting them for hashcat, detection, and mitigation strategies for enterprise environments.
Advanced DOM-Based XSS: Payloads, Bypass Techniques & Defenses
Deep dive into DOM-XSS attack surface, advanced payloads, filter evasion, automated discovery, and robust mitigations for security professionals.
Advanced OAuth 2.0 Authorization Code Flow Attacks & Defenses
Deep dive into sophisticated attacks on the OAuth 2.0 Authorization Code flow, including code interception, PKCE bypass, redirect manipulation, state weaknesses, token leakage, refresh token abuse, and client secret extraction, plus robust mitigation strategies.
Blind XXE Exploitation: Techniques, Chaining, and Hardening
Blind XXE Exploitation and Mitigations
Insecure Deserialization: Gadget Chains, Exploit Development, and Mitigations
Learn how insecure deserialization enables remote code execution through gadget chains, master discovery techniques for Java, PHP, and .NET, and apply defensive controls and detection methods to harden modern applications.
Advanced Web Cache Poisoning via Header Manipulation & Vary Bypass
Learn how HTTP header injection can corrupt cache keys, bypass Vary, and poison browsers, CDNs, and reverse proxies. Includes theory, exploitation steps, real-world cases, and hardening techniques.
Advanced JWT Attack Techniques: Algorithm & Key Confusion, Token Substitution
Deep dive into JWT attack vectors (algorithm confusion, key misuse, token substitution, JWK manipulation, storage flaws, and privilege escalation), plus detection, mitigation, and practical labs.
Advanced SSRF Exploitation of AWS Instance Metadata Service (IMDS)
Learn how SSRF can be leveraged to reach the AWS Instance Metadata Service, extract temporary IAM credentials, bypass IMDSv2, and pivot to full cloud account compromise. Includes attack techniques, detection, and hardening guidance for security teams.
Advanced HTTP Request Smuggling: Transfer-Encoding & Content-Length Desync Attacks
Deep dive into HTTP request smuggling mechanics, focusing on Transfer-Encoding vs. Content-Length conflicts, classic payload patterns, desynchronisation scenarios, exploitation steps, detection, mitigation, and real-world case studies.