CTF Writeups

Writeups for all of the different CTFs I’ve done, mostly TryHackMe and HackTheBox in prep before starting the private OSCP and Proving Grounds labs. Will be doing more in the future to try to learn more advanced AV evasion and binary exploitation (the latter more for fun than usefulness).


An easy Linux box from HackTheBox, get run around rabbit holes until finally discover a subdomain with a LFI, grab a SSH key and use that for initial access, then exploit a vulnerable configuration of fail2ban for root.

Read more →


A medium Windows box from HackTheBox, get initial access by resetting the password of another user on a site with CSRF, then get creds by logging in as them that allow you to get a reverse shell and escalate to administrator by finding creds in an instance of bash for windows.

Read more →