$ whoami#

thecyberquestor — offensive security practitioner exploring every corner of the field.

If it has a shell, I want to know how to break it, how to defend it, and how the attack chain fits together.

interests#

Currently poking at (in rough order of obsession):

  • Linux privilege escalation — kernel exploits, misconfigurations, the weird edge cases
  • Active Directory & Windows — Kerberos attacks, ACL abuse, lateral movement
  • Web application security — the classics never die: SSRF, deserialization, auth bypasses
  • Red team tradecraft — C2 frameworks, OPSEC, post-exploitation
  • Malware analysis & reverse engineering — reading what attackers write so I can write better
  • Bug bounty / vuln research — n-day analysis, PoC development, disclosure

creds#

  • OSCP+ certified
  • Active CTF competitor — top rankings across platforms
  • Public writeups below

what this site is#

A place to learn, practice, and share. Expect writeups of boxes, CTFs, and CVEs; tool experiments; and research notes — the kind of things I wish existed when I was starting out.

elsewhere#