Blog
Writeups, research, and technical deep-dives.
Subdomain Recon Script: combining chaos, subfinder, amass and more
🔍 Introduction
p0wny-shell: full control with a simple PHP web shell
🔓 What is p0wny-shell?
Critical IDOR in GraphQL: From Nuclei Scan to Full Cart Takeover
How a single missing permission check allowed me to read and modify any customer cart on the target shop.
Claude 4 Opus: Ultimate Cybersecurity Guardian or Silent Enemy?
Anthropic’s Claude 4 Opus isn’t just advanced AI: it’s an autonomous agent that could shield your data or tear down your defenses. What happens when your greatest tech ally beco...
Why Oniux Beats VPNs: The Ultimate Linux Privacy Tool from Tor
Tired of VPNs selling your data? Discover Oniux, a Linux tool that isolates apps and routes all traffic through Tor for real, leak-proof privacy.
Introducing Fuzzstorm: The Ultimate Fuzzing Tool with Soft 404 Detection and Stunning HTML Reports
Discover Fuzzstorm, a new fuzzing tool designed to simplify web application testing with comprehensive scans, unique soft 404 detection, and beautiful HTML reports for easy resu...
How the LockBit Group Operates with Its Victims: An Analysis of Their Conversations
An in-depth analysis of the LockBit ransomware group's tactics, victim negotiations, and affected companies based on leaked documents.
TryHackMe Smol Writeup
Step-by-step guide to compromising the Smol machine via a vulnerable WordPress plugin and escalating through multiple users to root.
User Manual for loxs (adperem Fork)
A comprehensive guide to using the loxs tool (adperem fork), an enhanced automation utility with Tor traffic routing.
TryHackMe Billing Writeup
Walkthrough of the Billing machine showing enumeration, exploitation of MagnusBilling for a shell, and privilege escalation via fail2ban.