“I write so others can skip the parts I had to figure out the hard way.”
Recent Posts
Part 1: Understanding Routes in Flask & Building Your First XSS-Vulnerable App
If you're getting into web security, at some point you have to stop just reading about vulnerabilities and actually build something broken with your own hands. That's the fastest way...
Why Pentesters Should Understand Backend Code
Most pentesters test web applications the same way - open Burp Suite, intercept requests, throw payloads, check responses. If something breaks, great. If not, move on. It works. But it...
I Turned a Client Admin Into a Superadmin With One Parameter Change
Hey everyone! I'm Husnain, a Jr. Penetration Tester, and during one of my recent engagements I came across a Vertical Privilege Escalation bug that honestly surprised me with how simple...
How I Turned a Low-Risk XSS into a Tenant-Wide Lockout
Hey everyone! I'm Husnain, a Jr. Penetration Tester, and I love sharing my experiences from real-world pentests. Today, I want to talk about something cool that happened in one of...
Reactor HTB – Machine Walkthrough
Hi everyone, in this Reactor HTB Machine, I will give u a detailed walkthrough to get the user and root flag in this machine, so sit back and read! π...
Content Discovery – TryHackMe Walkthrough
Content discovery is about finding things on a web server that aren't meant to be publicly visible - hidden directories, sensitive files, old endpoints, subdomains, and misconfigured paths. This TryHackMe...
How I’d Learn Ethical Hacking in 2026 If I Started Over
Let me be straight with you. Most "ethical hacking roadmaps" online are either too vague, outdated, or written by someone who hasn't actually done the work. I've been there, I...
KoBold HTB – Machine Walkthrough
Hi everyone, in this Kobold HTB Machine, I will give u a detailed walkthrough to get the user and root flag in this machine, so sit back and read! Reconnaissance...
Why Most Cybersecurity Certifications Are a Waste of Time (And Which Ones Aren’t)
Let me be real with you. I have seen a lot of people in this field: beginners, students, even some experienced folks, chasing certifications like they are some kind of...
Will AI Replace Pentesters? A Pentester’s Honest Take
Hi guys! and future hackers! Will AI replace pentesters? As a Jr. Penetration Tester, I want to give you my honest take so you can better understand where things actually...
