HTB: Facts

Facts is a HackTheBox Windows machine rated Easy. It presents an interesting challenge involving a web CMS exploit and a Linux misconfiguration for privilege escalation.

HTB: Overwatch

HTB Overwatch walkthrough: a Medium-difficulty HackTheBox Windows machine involving WCF, SOAP, and MSSQL exploitation techniques. The full solution is locked, with access restricted per HTB policy.

HTB: Imagery

HTB Imagery walkthrough: HackTheBox machine solution with the full content locked and access restricted per HTB policy. Covers the machine details and the structure of the walkthrough for the Imagery penetration-testing challenge.

HTB: AirTouch

HTB AirTouch walkthrough: HackTheBox machine solution with the full content locked and access restricted per HTB policy. Covers the machine details and the structure of the walkthrough for the AirTouch penetration-testing challenge.

Recon: SNMP Enumeration Leading to Credential Disclosure

SNMP reconnaissance walkthrough: how weak SNMP configuration (such as default or guessable community strings) leads to credential disclosure and system compromise. Covers enumeration methods, MIB walking, and defensive hardening for network management protocols.

HTB: monitorsfour

HTB monitorsfour walkthrough: HackTheBox machine solution with the full content locked and access restricted per HTB policy. Covers the machine details and the structure of the walkthrough for the monitorsfour penetration-testing challenge.

HTB: Browsed

HTB Browsed walkthrough: HackTheBox machine solution with the full content locked and access restricted per HTB policy. Covers the machine details and the structure of the walkthrough for the Browsed penetration-testing challenge.

SMBv1: The Protocol That Enabled EternalBlue

An exploration of SMBv1's vulnerabilities, how EternalBlue exploited them, and the lasting impact on cybersecurity practices.

HTB Sherlock - MangoBleed

DFIR analysis of a compromised MongoDB server to investigate MangoBleed vulnerability exploitation, identify attacker activity, and perform rapid triage analysis of collected artifacts.

HTB Sherlock - Unit 42: Sysmon Log Analysis & UltraVNC Intrusion Detection

DFIR analysis of Sysmon logs to detect and investigate an UltraVNC-based intrusion campaign, focusing on file creation events, process execution, and network indicators.

POC CVE-2025-49144: Binary Planting via Unqualified Executable Search Path

Proof-of-Concept demonstrating binary planting vulnerability through insecure executable search path in Notepad++ installer, leading to arbitrary code execution with elevated privileges.

Windows 11 Native Sysmon: Built-In Telemetry Without the Deployment Pain

Microsoft is integrating Sysmon directly into Windows 11 and Windows Server 2025, eliminating manual deployments and giving defenders richer telemetry, simpler reporting, and faster threat visibility.

HTB - TwoMillion

A walkthrough of the HTB TwoMillion machine, covering API enumeration, ROT13 decoding, privilege escalation, command injection, and CVE-2023-0386 kernel exploit.

ISM-0534 Implementation Guide: Disabling Unused Physical Ports

ISM-0534 implementation guide: disabling unused physical ports on network devices. Configuration guidance for switches, routers, and other network infrastructure, with step-by-step instructions for blue team implementation and compliance.

Secure by Design, Secure by Default

Explore the fundamental principles of secure by design and secure by default methodologies. Learn how to build security into systems from the ground up, implement defense in depth, and create inherently secure architectures that protect against modern cyber threats.

HTB - Previous

HTB Previous walkthrough: a Medium-difficulty HackTheBox Linux machine solution with the full content locked and access restricted per HTB policy. Covers the machine details, difficulty level, and the structure of the walkthrough for the Previous penetration-testing challenge.

HTB - BountyHunter

A comprehensive walkthrough of the HTB BountyHunter machine, demonstrating XXE vulnerability exploitation and web application security testing. This guide covers enumeration, exploitation, and privilege escalation techniques for cybersecurity professionals.

HTB - CodePartTwo

A comprehensive walkthrough of the HTB CodePartTwo machine, covering enumeration, exploitation, and privilege escalation techniques. This guide provides step-by-step instructions for cybersecurity professionals and penetration testing enthusiasts.

The best 6 months of my career

Career highlights at CrowdStrike: My experience working in the Falcon Complete Team, interview process, onboarding, daily responsibilities, and career growth in cybersecurity SOC operations.

Alternate Data Streams

A comprehensive guide to NTFS Alternate Data Streams (ADS), covering exploitation techniques, detection methods, and blue team strategies. Learn how attackers hide malicious payloads and how defenders can identify and mitigate these stealthy techniques.

CVE-2025-29927

Analysis and details of CVE-2025-29927 vulnerability. This post covers the security implications, affected systems, and mitigation strategies for this cybersecurity vulnerability.

HoneySOC

A hands-on honeypot project combining web-exposed servers with CrowdStrike EDR for cybersecurity skill development. This project demonstrates deception techniques, threat detection, and SOC monitoring through practical honeypot implementation.

Practical ISM E01: Guidelines for system monitoring

Learn how to implement comprehensive logging and monitoring policies that meet Australian Government ISM requirements, including control implementation, log management, and security monitoring best practices.

ISM-1717 Implementation Guide: Security.txt File Requirements

ISM-1717 security.txt implementation guide: requirements for hosting a security contact file at /.well-known/security.txt, covering RFC 9116 compliance, web server configuration, and the security policy content an organisation needs for compliance.
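A small checker for the RFC 9116 rules the guide above refers to, written for this page as an added example (it is not the guide's own tooling). It assumes the core field rules of RFC 9116: Contact and Expires are required, Expires appears once as an ISO 8601 date-time and should be less than a year out, Preferred-Languages appears at most once, and URL-valued fields use https. The two sample files are constructed.

```python
"""Validate a security.txt body against the main RFC 9116 field rules.
Added example for this page; sample inputs below are constructed."""
from datetime import datetime, timedelta, timezone

REQUIRED = {"Contact", "Expires"}
# Field names defined in RFC 9116 (CSAF is registered alongside them).
KNOWN = {"Acknowledgments", "Canonical", "Contact", "Encryption", "Expires",
         "Hiring", "Policy", "Preferred-Languages", "CSAF"}
HTTPS_ONLY = ("Acknowledgments", "Canonical", "Encryption", "Hiring", "Policy")

# Fixed reference time so the check is reproducible (assumption for the demo).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

GOOD_TXT = """\
# Constructed sample: compliant file
Contact: mailto:security@example.com
Contact: https://example.com/security-contact
Expires: 2026-01-31T00:00:00Z
Encryption: https://example.com/pgp-key.txt
Preferred-Languages: en
Canonical: https://example.com/.well-known/security.txt
"""

BAD_TXT = """\
# Constructed sample: three problems
Contact: security@example.com
Encryption: http://example.com/pgp-key.txt
"""


def parse_security_txt(text):
    """Return {field: [values...]} preserving repeats; comments/blank lines skipped."""
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: not a 'Field: value' line: {line!r}")
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file passes these checks."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = []

    for name in sorted(REQUIRED - fields.keys()):
        problems.append(f"missing required field {name}")
    for name in fields:
        if name not in KNOWN:
            problems.append(f"unknown field {name}")

    expires = fields.get("Expires", [])
    if len(expires) > 1:
        problems.append("Expires must appear exactly once")
    elif expires:
        try:
            exp = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 date-time: {expires[0]}")
        else:
            if exp.tzinfo is None:
                problems.append("Expires must carry a timezone offset")
            elif exp <= now:
                problems.append("file has expired; regenerate with a future Expires")
            elif exp > now + timedelta(days=365):
                problems.append("Expires is more than a year out (RFC 9116 recommends under one year)")

    for contact in fields.get("Contact", []):
        if not contact.startswith(("mailto:", "tel:", "https://")):
            problems.append(f"Contact must be a URI (mailto:, tel:, https://): {contact}")

    for name in HTTPS_ONLY:
        for value in fields.get(name, []):
            if not value.startswith("https://"):
                problems.append(f"{name} must be an https URL: {value}")

    if len(fields.get("Preferred-Languages", [])) > 1:
        problems.append("Preferred-Languages must appear at most once")

    return problems


if __name__ == "__main__":
    for label, body in (("good", GOOD_TXT), ("bad", BAD_TXT)):
        print(label, check_security_txt(body, now=NOW) or "OK")
```

Point the checker at the body fetched from `/.well-known/security.txt` (and at the file you are about to publish) rather than at the template; the expiry check in particular only catches anything when it runs against what is actually served.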

System Monitor (Sysmon)

System Monitor (Sysmon) is a Windows system service and device driver that monitors and logs system activity to the Windows event log, providing detailed information about process creation, network connections, and file changes.

Cybersecurity Basics: A Beginner's Guide to Digital Security

An introductory guide to cybersecurity fundamentals, covering essential concepts like the CIA triad, common threats, and security best practices. This beginner-friendly resource provides a solid foundation for understanding digital security principles and protecting against cyber threats.

XXE Attacks: Understanding and Exploiting XML External Entity Vulnerabilities

XXE attacks guide: Learn XML External Entity vulnerabilities, exploitation techniques, file disclosure, SSRF, and mitigation strategies. Comprehensive coverage of XXE attack vectors, real-world examples, and security best practices for web application security.

Draft: Assessing systems against the ISM

Learn how to assess systems against the Australian Government Information Security Manual (ISM) controls, including methodology, tools, and best practices for compliance evaluation.

ISM-0657 Implementation Guide

ISM-0657 implementation guide: the control requiring manual data imports to be scanned for malicious content. Implementation guidance, requirements, and testing procedures for this ISM data-security control, aimed at blue team implementation.

Windows Event ID 4624: Successful Logon Analysis

Windows Event ID 4624 guide: analysis of successful logon events, the logon types (interactive, network, RDP and others), and blue team detection techniques for Windows authentication events.
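To make the logon-type discussion concrete, here is an added example (not code from the guide above) that classifies 4624 records by logon type and flags the ones a SOC usually wants to look at: Type 10 (RemoteInteractive, i.e. RDP) from outside the organisation's address space, Type 8 (NetworkCleartext, credentials sent in the clear), and service accounts logging on interactively. The CSV export, the internal address ranges and the `svc_` naming convention are assumptions for the demo; the records are constructed, not real telemetry.

```python
"""Triage Windows Security Event ID 4624 (successful logon) records by logon type.
Added example for this page; the sample records below are constructed."""
import csv
import io
import ipaddress
from collections import Counter

# Logon type codes as documented for Event ID 4624.
LOGON_TYPES = {
    2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
    7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
    10: "RemoteInteractive", 11: "CachedInteractive",
}

# Assumed internal ranges; adjust to the organisation's own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample export: a subset of 4624 fields in CSV form.
SAMPLE_EVENTS = """\
TimeCreated,TargetUserName,TargetDomainName,LogonType,IpAddress,WorkstationName
2025-01-10T08:01:00,alice,CORP,2,-,WS01
2025-01-10T08:05:12,svc_backup,CORP,5,-,SRV01
2025-01-10T23:40:03,Administrator,CORP,10,203.0.113.45,-
2025-01-10T23:41:10,bob,CORP,3,10.0.0.25,WS07
2025-01-10T23:42:55,bob,CORP,8,10.0.0.25,WS07
"""


def parse_events(text):
    """Read the CSV export into dicts, with LogonType as an int."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["LogonType"] = int(row["LogonType"])
        events.append(row)
    return events


def logon_type_name(code):
    return LOGON_TYPES.get(code, f"Unknown({code})")


def summarize(events):
    """Count logons per logon-type name, the first view most analysts want."""
    return Counter(logon_type_name(e["LogonType"]) for e in events)


def is_external(ip):
    """True when the source address parses and is outside INTERNAL_NETS.
    4624 records '-' for local logons, which are never external."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def triage(events, service_prefix="svc_"):
    """Return (time, user, reason) tuples for records worth an analyst's attention."""
    findings = []
    for e in events:
        ltype, user, ip = e["LogonType"], e["TargetUserName"], e["IpAddress"]
        when = e["TimeCreated"]
        if ltype == 10 and is_external(ip):
            findings.append((when, user, f"RDP (Type 10) logon from external address {ip}"))
        if ltype == 8:
            findings.append((when, user, "NetworkCleartext (Type 8) logon: credentials sent in the clear"))
        if ltype in (2, 10) and user.lower().startswith(service_prefix):
            findings.append((when, user, f"service account used interactively (Type {ltype})"))
    return findings


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for name, count in summarize(events).most_common():
        print(f"{name:20} {count}")
    for when, user, reason in triage(events):
        print(when, user, reason)
```

Type 3 (Network) logons dominate on any domain-joined host, so a baseline from `summarize` is what makes the `triage` rules useful: the rules above are deliberately narrow, and the real tuning is the internal-range list and the naming convention for service accounts.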

Draft: OSQuery

Learn about OSQuery, the open-source operating system instrumentation framework for monitoring and querying system information across multiple platforms.

System Alpha

System Alpha is a baseline reference system used across multiple blog posts and implementation guides to demonstrate ISM compliance, security configurations, and practical cybersecurity implementations.

TPM: Trusted Platform Module

Learn about Trusted Platform Module (TPM) technology, its role in hardware-based security, and how it enhances system protection through cryptographic functions and secure key storage.

How I Passed the OSCP with 110 Points

A personal journey through OSCP certification preparation, sharing the study methods, resources, and timeline that led to success. This guide covers PWK labs, Proving Grounds practice, HackTheBox machines, and the proven methodology that helped achieve 110 points in 7 months.
