OSCP
OffSec - Air
Air is an intermediate-level box in the OffSec Playground. Just a heads-up for this walk-through: I’ll jump straight into the steps to get a foothold on
1337 Sheets
1337 or Elite, The Cybersecurity write-ups for the true cyber e1ite! Offsec, Hack The Box, and more🕵️‍♂️ Whether you're diving into the latest exploits or sharpening your skills 🛠️.
Trending
01
02
03
04
05
06
Hack The Box - HTB Checkpoint Writeup - Medium - Weekly - June 13th, 2026
Hack The Box - HTB Connected Writeup - Easy - Weekly - June 06th, 2026
Hack The Box - HTB DevHub Writeup - Medium - Weekly - May 31th, 2026
Hack The Box - HTB Reactor Writeup - Easy - Weekly - May 23th, 2026
Hack The Box - HTB SmartHire Writeup - Medium- Weekly - May 16th, 2026
Hack The Box - HTB Helix Writeup - Medium- Weekly - May 8th, 2026
Latest
cybersecurity
OffSec - Access
Alright, let’s dive into this box, which officially sits at an intermediate level on Offsec’s Playground called "Access". But here’s the catch: the community collectively
WindowsShortcut
Hack-The-Boo-2024 Practice CTF: The Shortcut Haunting Write-up
Introduction In this challenge, I investigated a suspicious Windows shortcut file named trick or treat.lnk. A .lnk file, also known as a Windows Shortcut file, is a file that
offsec
OffSec - Bunyip
OffSec - Bunyip Walkthrough In this walkthrough, we’ll exploit an MD5 length extension vulnerability in a web application to gain initial access. From there, we’ll abuse sudo privileges on
cybersecurity
OffSec - vmdak
Walkthrough of vmdak Introduction Hello everyone! I'm back with another walkthrough. This time, I tackled "VMDak," an intermediate-level Linux box from OffSec Proving Grounds. This
cybersecurity
OffSec - BillyBoss
Walkthrough of BillyBoss Introduction This write-up details an intermediate-level box from Offsec's labs, rated as "Very Hard" by the community. The lab can be
cybersecurity
OSTH Practice Exam Write-up
Overview This is a hands-on, simulated threat hunting sprint set within the fictional enterprise network of Megacorp One. This is a relevant and similar to what you might expect
cybersecurity
OffSec - PlanetExpress
Walkthrough for PlanetExpress Summary In this walkthrough, we will exploit an exposed PHP-FPM FastCGI implementation to gain an initial foothold. We will then escalate privileges by exploiting a misconfiguration
HackTheBoo2024
Hack-The-Boo-2024 Practice CTF: Sugar Free Candies Write-up
Challenge Overview Challenge Name Category Difficulty Link Sugar Free Candies Crypto Very Easy Link to Challenge Description For years, strange signals pulsed through the air on the eve of October
Caesar
Hack-The-Boo-2024 Practice: Sekur Julius Writeup
Challenge Overview Challenge Name Category Difficulty Link Sekur Julius Crypto Very Easy Link to Challenge Description Hidden deep in the forest was an ancient scroll, rumored to grant immense power
malware detection
OffSec Module: Malware Detection using Machine Learning
Co-authored by Iftekharul Haque (Hawk) Here, we first choose what kind of machine learning model we want to use in this process. As anyone with some little machine learning
endpoint security
Hunting on Endpoints: Insights from OffSec TH-200 Course module 5 Section 1
In today’s world, our workstations, servers, and mobile devices are more vulnerable than ever. They are prime targets for cybercriminals looking to execute malicious code and infiltrate networks. With
ransomware
Threat Hunting With Network: Insights from OffSec TH-200 Course module 4
In this write-up, we will explore how to effectively hunt for ransomware from a network perspective, focusing on identifying Indicators of Compromise (IoCs) related to LockBit ransomware. The scenario
threat
Communication and Reporting for Threat Hunters: Insights from OffSec TH-200 Course module 3
In today’s complex cybersecurity landscape, no organization can afford to work in isolation. For threat hunters, success hinges on two key factors: timely intelligence and effective communication. In Module
web
PicoCTF - trickster
This is a challenge from picoCTF titled 'trickster' from web exploitation category. It's needless to say that this one is a little trickier as the name
