
TryHackMe: Plant Photographer
A TryHackMe room where a resume download button hides an SSRF sink that chains into source code disclosure, an admin bypass, and a Werkzeug debugger takeover.

mrKit rootkit challenge writeup: Analyzing a custom Linux kernel module with ftrace hooks for privilege escalation and file hiding, recovering the hidden flag.

Tayba App challenge writeup: TOTP secret derivation from predictable HMAC and privilege escalation to admin.

TryHackMe Operation Endgame walkthrough with Kerberoasting, BloodHound, GenericWrite and DA.

Room: Facts. In this machine, we begin by performing network reconnaissance and quickly identify a web application running Camaleon CMS 2.9.0 along with an additional service exposed on port 54321....

Room: Snapped Phish-ing Line. Scenario: SwiftSpend Financial employees reported suspicious emails. Some users already submitted credentials and could no longer log in. Goal: analyze the phishing em...

This room is part of the Network Security module on TryHackMe. The objective is to practice methodical network enumeration, service discovery, banner inspection, and identifying misconfigurations t...
Hello, I’m khyrr. Welcome to my personal blog. I’ll be using this space to share short notes and, primarily, writeups and walkthroughs of TryHackMe rooms, CTF challenges, and other security-related...