Writeups

A curated collection of practical writeups from the labs and platforms I use to sharpen my offensive security skills.

This section works as a central index for my walkthroughs, notes, and post-exploitation practice across different platforms. Each entry links to a dedicated markdown page where I document the methodology, tools, findings, and lessons learned during the exercise.

The goal is not only to keep a personal knowledge base, but also to build a structured archive of hands-on work that reflects how I approach enumeration, exploitation, privilege escalation, and reporting in controlled lab environments.

🐳 Dockerlabs

🐱‍💻 HackMyVM

🟩 HTB

🕷️ PortSwigger Web Security Academy

SQL Injection

Cross-Site Scripting (XSS)

CSRF

Clickjacking

DOM-based vulnerabilities

CORS

XXE

SSRF

HTTP Request Smuggling

SSTI

Path Traversal

Access control vulnerabilities

Authentication vulnerabilities

WebSockets

Web cache poisoning

Insecure deserialization

Information disclosure

Business logic vulnerabilities

HTTP Host header attacks

OAuth authentication

File upload vulnerabilities

JWT

Prototype Pollution

GraphQL API vulnerabilities

Race Conditions

NoSQL Injections

API Testing

Web LLM attacks

More writeups will be added over time as I continue documenting labs, refining methodology, and turning hands-on practice into structured notes.