/Recent content on Tyler VaughanHugoen-usFri, 12 Jun 2026 00:00:00 +0000/writeups/htb-sandworm-ssti-to-root-via-rust-crate-hijacking/Fri, 12 Jun 2026 00:00:00 +0000/writeups/htb-sandworm-ssti-to-root-via-rust-crate-hijacking/A walkthrough of HackTheBox Sandworm, demonstrating a PGP-based SSTI foothold, lateral movement through Rust crate hijacking, and privilege escalation via CVE-2022-31214 in Firejail./blog/my-oscp-journey-preparation-failure-and-what-finally-got-me-certified/Mon, 08 Jun 2026 00:00:00 +0000/blog/my-oscp-journey-preparation-failure-and-what-finally-got-me-certified/How I failed the OSCP, what I changed, and what I would tell someone earlier in that same process./writeups/htb-forest-as-rep-roasting-to-domain-admin/Fri, 08 May 2026 00:00:00 +0000/writeups/htb-forest-as-rep-roasting-to-domain-admin/A walkthrough of HackTheBox Forest, demonstrating an AS-REP roast → BloodHound → DCSync attack chain on a misconfigured Active Directory environment./blog/why-im-building-this-site/Thu, 07 May 2026 00:00:00 +0000/blog/why-im-building-this-site/A short note on why I’m investing in a personal site as I push toward an offensive security career./about/Mon, 01 Jan 0001 00:00:00 +0000/about/Who am I My name is Tyler Vaughan. I am an aspiring security professional focused on penetration testing, vulnerability analysis and vulnerability research. What I do I spend most of my time on hands-on security work: testing web applications (Legally), working through CTF challenges, and digging into how systems break. Documenting my workflow and refining my methodology. Why write-ups Anyone can run a tool. The harder skill is explaining why a vulnerability matters, how it was found, and what a defender should do about it in a language a non-technical person can understand./achievements/Mon, 01 Jan 0001 00:00:00 +0000/achievements//htb/Mon, 01 Jan 0001 00:00:00 +0000/htb/HackTheBox activity, season rank, and skill breakdown - updated every 6 hours.