On May 4th, I earned the Certified Red Team Operator (CRTO) certification. This post covers my experience completing the CRTO, the challenges I faced, and my overall impression of the certification process.

This article discloses the discovery, exploitation and responsible disclosure of an authenticated command injection zero-day vulnerability in the CyberPanel software solution

This article discloses the discovery, exploitation and responsible disclosure of an authenticated command injection zero-day vulnerability in the TP-Link Archer router series

This article delves into the techniques utilized by threat actors while navigating a company’s network laterally. Its objective is to assist network administrators in comprehending the risks tied to lateral movement, unraveling the process, and outlining preventive measures.

This article explores the exploitation of the EchOh-No vulnerability regarding the kernel driver of an anticheat tool used for Minecraft, Rust, FiveM and Roblox. The primary objective of this exploit is to disable antivirus and/or endpoint detection and response (EDR) defenses present on computer systems. The feasibility of this objective is demonstrated through the use of a Proof-of-Concept (PoC).