Machine: Ignite Introduction Ignite starts with a public web exploit, but that is not what made the box interesting to me. The initial foothold came from Fuel CMS, yet the part worth paying atten...

Home Lab architecture Proxmox host running three VMs and one LXC container Proxmox Home Assistant VM Home Assistant OS Media Server VM ...

Machine: Simple CTF Introduction Simple was the kind of target I like documenting because it was not about exotic exploitation or a long chain of tricks. The machine fell by following a narrow se...

The Problem When solving CTF challenges, I kept running into the same issue managing notes and tracking the attack flow was a mess. I tried Notion. I tried Notepad. Neither felt right. I like thin...

Machine: Agent Sudo Introduction Agent Sudo is a good example of how small signals become useful only after they survive verification. The room never handed over a clean path up front. It started...

If you run a home lab long enough, something will break. Not might. Will. An update that silently corrupts a config, a service that refuses to come back up after a reboot, a migration that goes si...

Machine: Bounty Hacker Introduction Bounty Hacker is a small Linux target built around a very practical compromise path. There was no unusual exploit involved in the initial foothold. Instead, th...

Machine: RootMe Introduction RootMe is a small Linux target, but it is a good example of how a couple of ordinary mistakes can line up into full compromise. The foothold came from a file upload f...

Machine: TryHackMe - Brooklyn Nine Nine Introduction A room named Brooklyn Nine Nine was always likely to lean into the theme a little, and this one did. The host was not difficult in a technical...

Machine: TryHackMe – Basic Pentesting Introduction Basic Pentesting is a good example of a machine where the attack surface looks broader than the path that actually matters. The target exposed w...