📚 CTF Writeups Collection
Detailed walkthroughs and writeups from HackTheBox and TryHackMe machines. Covers privilege escalation, web exploitation, Active Directory attacks, and forensics challenges — shared with the community.
Project Overview
In the cybersecurity field, the best way to prove practical capability is by demonstrating the thought process behind exploiting complex vulnerabilities. This project is a curated repository of my personal Capture The Flag (CTF) writeups across platforms like HackTheBox, TryHackMe, and independent security competitions.
The writeups are formatted not just as solutions, but as educational guides designed to help junior analysts understand the underlying mechanisms, enumeration strategies, and the remediation techniques for each identified vulnerability.
Technical Implementation
The repository covers a vast array of topics spanning both Web Application Security and Network Penetration Testing.
Key methodologies documented include detailed `nmap` port enumeration, web fuzzing with `ffuf`, local file inclusion (LFI) escalation paths, SQL injection (SQLi) data extraction, and Active Directory exploitation via techniques like AS-REP Roasting and Kerberoasting using Impacket. Each writeup highlights the commands executed, the rationale for trying particular attack vectors, and the resulting indicators of compromise (IoCs) left behind.
Key Features / Findings
- Step-by-step methodologies from initial reconnaissance to root compromise.
- Coverage of privilege escalation in both Linux and Windows environments.
- Extensive documentation of Active Directory (AD) attacks.
- Clear Markdown formatting with code blocks, screenshots, and command syntax.
- Embedded 'Remediation Advice' section for every compromised machine.