Disclaimer
Responsible Disclosure
All content on this site is published in good faith and for educational purposes only. Techniques described are performed against systems I own, systems with explicit written authorisation, or purpose-built lab environments (HackTheBox, TryHackMe, VulnHub, etc.).
If you believe any content describes a vulnerability in a system you operate, contact me via GitHub Discussions before taking any other action.
Anonymisation Policy
Real-world engagement findings are published only after:
- All client names, logos, and project codenames are removed.
- Internal hostnames, IP ranges, and Active Directory domain names are replaced with generic placeholders (target.htb, 10.10.x.x).
- Screenshots are reviewed and any credentials, tokens, or identifying session data are redacted.
- EXIF metadata is stripped from all images before publication.
- Sufficient time has passed that the vulnerability has been remediated.
No Warranty
The information on this site is provided "as is" without warranty of any kind. The author is not responsible for any misuse of the techniques described here. Performing security testing without written authorisation is illegal in most jurisdictions.