IDOR & BOLA — Broken Object Level Authorization
IDOR (Insecure Direct Object Reference) / BOLA (Broken Object Level Authorization) is consistently one of the most impactful vulnerabilities in modern appl…
Writeups, research, and technical notes from a Senior Security Consultant and competitive CTF player based in Singapore.
Network traffic analysis is essential for understanding protocols, capturing credentials in transit, and diagnosing network segmentation. Wireshark gives you a …
SQLMap automates SQL injection detection and exploitation. Knowing its options deeply separates a quick scan from a thorough assessment.
Password cracking turns captured hashes into credentials. Hashcat uses GPU acceleration for speed; John the Ripper is flexible and cross-platform. Both are esse…
Subdomain enumeration expands your attack surface. Dev servers, staging environments, forgotten admin panels, and legacy applications all live on subdomains.
Open Source Intelligence is the first phase of any engagement. The goal is to discover as much about a target as possible without touching their infrastructure.
PowerShell is the native offensive language on Windows. Deep OS integration, .NET access, and living-off-the-land capability make it indispensable for post-expl…
BloodHound visualizes Active Directory as a graph, revealing attack paths that are otherwise invisible. One Cypher query can expose a path from a compromised he…
CrackMapExec (CME) is the Swiss Army knife for Windows network pentesting. It automates credential spraying, lateral movement, and post-exploitation across enti…
Active Directory is the backbone of Windows enterprise environments and a high-value target during engagements. This post covers the most impactful AD attack te…