Categories
- XSS
- aitm
- bash
- connectivity
- detection
- dns
- encryption
- exfiltration
- exploit
- infrastructure
- initial access
- lolbas
- metasploit
- obfuscation
- pentest
- phishing
- powershell
- privilege escalation
- python
- recon
- redteam
- reverse shell
- smuggling
- ssrf
- steganography
- training
- web
- windows
In "XSS"
-
Controlling XSS Using A Secure WebSocket CLI - 07 Apr 2025
When experimenting with Cross-Site Scripting (XSS), what’s the quickest way to test multiple payloads efficiently?... -
Building A Pattern-based XSS Recon Tool - 17 Mar 2025
Even with excellent tools available, I often find myself enjoying the process of building my... -
Visualizing XSS With Unusual Payloads - 01 Mar 2025
Typically, demonstrating Cross-Site Scripting (XSS) vulnerabilities involves one of two approaches: Look, I made your... -
Python Powered XSS Server - 23 Feb 2025
So, are you ready to mess around with Cross-Site Scripting and Python? Before we start,...
In "aitm"
-
Behind the Scenes of Advanced Adversary in The Middle Techniques - 20 Jan 2026
Phishing remains a very relevant attack vector used in the wild. Up to 60% of...
In "bash"
-
Bypassing SSRF Filters Using A Dynamic Subdomain Powered Gateway - 12 Sep 2025
Sometimes when testing a web application, you may get pretty confident about a possible SSRF... -
Automating Metasploit Setup For Practice Boxes - 07 May 2025
While experimenting with labs on platforms like OffSec, THM or HTB I kept doing the...
In "connectivity"
-
Testing Ports For A Reverse Shell - 09 Jan 2025
Ever had that moment where you’re having a blast on a platform like HTB or...
In "detection"
-
Detecting Bots By Analyzing Their HTTP Requests - 26 Jan 2026
In the first deep dive of this blog series, we want first want to explore...
In "dns"
-
Bypassing SSRF Filters Using A Dynamic Subdomain Powered Gateway - 12 Sep 2025
Sometimes when testing a web application, you may get pretty confident about a possible SSRF...
In "encryption"
-
Locking A Reverse Shell With A Certificate-based Challenge - 31 Jul 2025
As you may conclude from my post history, I like playing around with reverse shells....
In "exfiltration"
-
Ancillary chunks are a perfect place to stock away sensitive info - 21 Nov 2025
At last, it is time for part three of “Hiding Data In Plain Sight”! Previously,... -
Using LSB To Hide Data In My Socks - 01 Mar 2025
Well, that’s a bit of a weird title, maybe it needs some context. In this... -
Python Powered XSS Server - 23 Feb 2025
So, are you ready to mess around with Cross-Site Scripting and Python? Before we start,... -
Hiding Data In Response Headers - 22 Jan 2025
In this multi-part post, I’m going to explore custom implementations of obfuscation and a bit...
In "exploit"
-
Standalone Python Proof of Concept Exploits - 08 Jun 2025
Lately I’ve been playing around with fully standalone, zero-to-hero proof of concept exploits in Python....
In "infrastructure"
-
Detecting Bots By Analyzing Their HTTP Requests - 26 Jan 2026
In the first deep dive of this blog series, we want first want to explore...
In "initial access"
-
Behind the Scenes of Advanced Adversary in The Middle Techniques - 20 Jan 2026
Phishing remains a very relevant attack vector used in the wild. Up to 60% of...
In "lolbas"
-
Crafted File Download Using Wmplayer - 14 Dec 2024
Recently I found a way to download crafted files with wmplayer.exe, the legacy Windows Media...
In "metasploit"
-
Automating Metasploit Setup For Practice Boxes - 07 May 2025
While experimenting with labs on platforms like OffSec, THM or HTB I kept doing the...
In "obfuscation"
-
Using valid ancillary chunks to smuggle data to an endpoint - 05 Jan 2026
A while back we did some research into using custom ancillary chunks to hide arbitrary... -
Ancillary chunks are a perfect place to stock away sensitive info - 21 Nov 2025
At last, it is time for part three of “Hiding Data In Plain Sight”! Previously,... -
Using LSB To Hide Data In My Socks - 01 Mar 2025
Well, that’s a bit of a weird title, maybe it needs some context. In this... -
Hiding Data In Response Headers - 22 Jan 2025
In this multi-part post, I’m going to explore custom implementations of obfuscation and a bit... -
Manual Obfuscation In PowerShell - 22 Dec 2024
Through Capture the Flag challenges and experimenting with AMSI, I’ve picked up a few tricks...
In "pentest"
-
Controlling XSS Using A Secure WebSocket CLI - 07 Apr 2025
When experimenting with Cross-Site Scripting (XSS), what’s the quickest way to test multiple payloads efficiently?... -
Building A Pattern-based XSS Recon Tool - 17 Mar 2025
Even with excellent tools available, I often find myself enjoying the process of building my... -
Visualizing XSS With Unusual Payloads - 01 Mar 2025
Typically, demonstrating Cross-Site Scripting (XSS) vulnerabilities involves one of two approaches: Look, I made your... -
Python Powered XSS Server - 23 Feb 2025
So, are you ready to mess around with Cross-Site Scripting and Python? Before we start,... -
Hiding Data In Response Headers - 22 Jan 2025
In this multi-part post, I’m going to explore custom implementations of obfuscation and a bit... -
Testing Ports For A Reverse Shell - 09 Jan 2025
Ever had that moment where you’re having a blast on a platform like HTB or...
In "phishing"
-
Behind the Scenes of Advanced Adversary in The Middle Techniques - 20 Jan 2026
Phishing remains a very relevant attack vector used in the wild. Up to 60% of...
In "powershell"
-
Locking A Reverse Shell With A Certificate-based Challenge - 31 Jul 2025
As you may conclude from my post history, I like playing around with reverse shells.... -
Vanilla PowerShell Reverse Shell Using SMTP - 30 Mar 2025
Lately, as you may have noticed, I’ve been delving into the world of custom PowerShell... -
Vanilla PowerShell Reverse Shell Using ICMP - 20 Mar 2025
After recently creating a PowerShell reverse shell using WebSockets, I figured I could push this... -
Manual Obfuscation In PowerShell - 22 Dec 2024
Through Capture the Flag challenges and experimenting with AMSI, I’ve picked up a few tricks...
In "privilege escalation"
-
Advanced Silent Python Path Hijacking - 14 Oct 2025
Back in march I did some research into (silent) Python path hijacking. As a proof... -
Silent Python Path Hijacking - 19 Mar 2025
Python’s import system allows for the possibility of intercepting the loading process of a module,...
In "python"
-
Ancillary chunks are a perfect place to stock away sensitive info - 21 Nov 2025
At last, it is time for part three of “Hiding Data In Plain Sight”! Previously,... -
Advanced Silent Python Path Hijacking - 14 Oct 2025
Back in march I did some research into (silent) Python path hijacking. As a proof... -
Bypassing SSRF Filters Using A Dynamic Subdomain Powered Gateway - 12 Sep 2025
Sometimes when testing a web application, you may get pretty confident about a possible SSRF... -
Locking A Reverse Shell With A Certificate-based Challenge - 31 Jul 2025
As you may conclude from my post history, I like playing around with reverse shells.... -
Standalone Python Proof of Concept Exploits - 08 Jun 2025
Lately I’ve been playing around with fully standalone, zero-to-hero proof of concept exploits in Python.... -
Controlling XSS Using A Secure WebSocket CLI - 07 Apr 2025
When experimenting with Cross-Site Scripting (XSS), what’s the quickest way to test multiple payloads efficiently?... -
Silent Python Path Hijacking - 19 Mar 2025
Python’s import system allows for the possibility of intercepting the loading process of a module,... -
Building A Pattern-based XSS Recon Tool - 17 Mar 2025
Even with excellent tools available, I often find myself enjoying the process of building my... -
Using LSB To Hide Data In My Socks - 01 Mar 2025
Well, that’s a bit of a weird title, maybe it needs some context. In this... -
Visualizing XSS With Unusual Payloads - 01 Mar 2025
Typically, demonstrating Cross-Site Scripting (XSS) vulnerabilities involves one of two approaches: Look, I made your... -
Python Powered XSS Server - 23 Feb 2025
So, are you ready to mess around with Cross-Site Scripting and Python? Before we start,...
In "recon"
-
Building A Pattern-based XSS Recon Tool - 17 Mar 2025
Even with excellent tools available, I often find myself enjoying the process of building my...
In "redteam"
-
Ancillary chunks are a perfect place to stock away sensitive info - 21 Nov 2025
At last, it is time for part three of “Hiding Data In Plain Sight”! Previously,... -
Controlling XSS Using A Secure WebSocket CLI - 07 Apr 2025
When experimenting with Cross-Site Scripting (XSS), what’s the quickest way to test multiple payloads efficiently?... -
Vanilla PowerShell Reverse Shell Using SMTP - 30 Mar 2025
Lately, as you may have noticed, I’ve been delving into the world of custom PowerShell... -
Vanilla PowerShell Reverse Shell Using ICMP - 20 Mar 2025
After recently creating a PowerShell reverse shell using WebSockets, I figured I could push this... -
Using LSB To Hide Data In My Socks - 01 Mar 2025
Well, that’s a bit of a weird title, maybe it needs some context. In this... -
Python Powered XSS Server - 23 Feb 2025
So, are you ready to mess around with Cross-Site Scripting and Python? Before we start,... -
Hiding Data In Response Headers - 22 Jan 2025
In this multi-part post, I’m going to explore custom implementations of obfuscation and a bit... -
Testing Ports For A Reverse Shell - 09 Jan 2025
Ever had that moment where you’re having a blast on a platform like HTB or... -
Manual Obfuscation In PowerShell - 22 Dec 2024
Through Capture the Flag challenges and experimenting with AMSI, I’ve picked up a few tricks... -
Crafted File Download Using Wmplayer - 14 Dec 2024
Recently I found a way to download crafted files with wmplayer.exe, the legacy Windows Media...
In "reverse shell"
-
Locking A Reverse Shell With A Certificate-based Challenge - 31 Jul 2025
As you may conclude from my post history, I like playing around with reverse shells.... -
Standalone Python Proof of Concept Exploits - 08 Jun 2025
Lately I’ve been playing around with fully standalone, zero-to-hero proof of concept exploits in Python.... -
Vanilla PowerShell Reverse Shell Using SMTP - 30 Mar 2025
Lately, as you may have noticed, I’ve been delving into the world of custom PowerShell... -
Vanilla PowerShell Reverse Shell Using ICMP - 20 Mar 2025
After recently creating a PowerShell reverse shell using WebSockets, I figured I could push this... -
Testing Ports For A Reverse Shell - 09 Jan 2025
Ever had that moment where you’re having a blast on a platform like HTB or...
In "smuggling"
-
Using valid ancillary chunks to smuggle data to an endpoint - 05 Jan 2026
A while back we did some research into using custom ancillary chunks to hide arbitrary...
In "ssrf"
-
Bypassing SSRF Filters Using A Dynamic Subdomain Powered Gateway - 12 Sep 2025
Sometimes when testing a web application, you may get pretty confident about a possible SSRF...
In "steganography"
-
Ancillary chunks are a perfect place to stock away sensitive info - 21 Nov 2025
At last, it is time for part three of “Hiding Data In Plain Sight”! Previously,... -
Using LSB To Hide Data In My Socks - 01 Mar 2025
Well, that’s a bit of a weird title, maybe it needs some context. In this... -
Hiding Data In Response Headers - 22 Jan 2025
In this multi-part post, I’m going to explore custom implementations of obfuscation and a bit...
In "training"
-
Standalone Python Proof of Concept Exploits - 08 Jun 2025
Lately I’ve been playing around with fully standalone, zero-to-hero proof of concept exploits in Python.... -
Automating Metasploit Setup For Practice Boxes - 07 May 2025
While experimenting with labs on platforms like OffSec, THM or HTB I kept doing the...
In "web"
-
Using valid ancillary chunks to smuggle data to an endpoint - 05 Jan 2026
A while back we did some research into using custom ancillary chunks to hide arbitrary...
In "windows"
-
Manual Obfuscation In PowerShell - 22 Dec 2024
Through Capture the Flag challenges and experimenting with AMSI, I’ve picked up a few tricks... -
Crafted File Download Using Wmplayer - 14 Dec 2024
Recently I found a way to download crafted files with wmplayer.exe, the legacy Windows Media...