// writeups

Writeups

Detailed walkthroughs of CTF challenges, vulnerability research, and pentesting labs.

2026.06.12 htb · web · ssti · firejail · rust · linux · medium

HTB: Sandworm — SSTI to Root via Rust Crate Hijacking

A walkthrough of HackTheBox Sandworm, demonstrating a PGP-based SSTI foothold, lateral movement through Rust crate hijacking, and privilege escalation via CVE-2022-31214 in Firejail.

2026.05.08 htb · active-directory · kerberos · bloodhound

HTB: Forest — AS-REP Roasting to Domain Admin

A walkthrough of HackTheBox Forest, demonstrating an AS-REP roast → BloodHound → DCSync attack chain on a misconfigured Active Directory environment.