HTB Academy: Windows CMD and Powershell

November 23, 2025 - 6 mins read

I did say that I needed to work on my Windows sys admin skills and also my PowerShell-fu and so here I am. As per the usual when it comes to my Academy content, I will just be covering the skill assessment part of the module. It was a good module though, covered a lot of content as you get some hands on with both CMD and PowerShell and both are important.

Hack the Box Starting Point: Crocodile

November 23, 2025 - 6 mins read

Time for our next Tier 1 box, Crocodile looks like it will be covering a few of the different tools we’ve been getting familiar with rather than introducing any new ones. Scrolling through the questions I see some FTP, gobuster, nmap, php, you know, fun stuff. Anyhow of you’re not familiar with any of this I implore you to go back and look through some of my other posts, otherwise fire up your attack environments and let’s go huntin for gators.

Hack the Box Starting Point: Responder

November 23, 2025 - 7 mins read

Responder Hello and welcome back to the little Starting Point series I’ve been doing on the HacktheBox main platform. Today we’re going to be looking at the Responder box which definitely looks interesting. Just peaking at the questions ahead of us we’re going to be dealing with some stuff that I haven’t touched too mouch. Yeah we have some web stuff, but it looks like it may be hosted on a Windows server?

HTB Starting Point: Appointment

November 5, 2025 - 4 mins read

HTB Starting Point: Appointment Hello and welcome to Starting Point Tier 1! We are officially out of tier zero and are now actually working towards a little bit of actual exploitation! Todays box, Appointment, is going to be covering some of the fundamentals of SQL injection. SQL stands for structured query language and we briefly touched on it during the Mongod box. SQL in it’s normal use is a query language (obviously) that allows us to interact with databases.

HTB Starting Point: Mongod

November 5, 2025 - 5 mins read

Getting Familiar with MongoDB Moving onto our next Starting Point machine we have this bad boy. A quick look at the tasks associated with guy shows that we’re going to need to be brushing up on our MongoDB knowledge. Truthfully, I don’t have a ton of experience with this so this will be good for all of us. After connecting to HTB’s environment through either their pwnbox or OpenVPN let’s go ahead and spawn our target and then get started with this first task.

HTB Starting Point: Synced

November 5, 2025 - 4 mins read

Rsync is a Pretty Important Tool Hey there and welcome to the final box under HTB’s Starting Point Tier 01 Yayyyy (this took me way too long). Anyhow, todays box is going to be going over the usage of a tool called rsync which is another file transfer tool, but a very powerful one. Frequently used by sys admins and what not to perform system backups and things of that nature.

Hack the Box: Nibbles Walkthrough

October 29, 2025 - 8 mins read

Port Scanning For this box, we know it’s a Linux box and it has a web server of some kind. Let’s perform some emumeration and start off with an nmap scan. Run the command nmap -sV --open -oA nibbles_initial_scan <target_ip> this will perform a full version scan on the target, only returning output for open ports and will output everything to the initial scan file. the .nmap file is the same as stndout and the other two are formatted for potential other operations

HTB Academy: Windows Fundamentals

October 29, 2025 - 5 mins read

Now in the past, I’ve gone on the record saying that I don’t like covering Academy content and that’s still true. I will do it however if one of two conditions are met, I think it’s hard and there’s not a lot of resources on the topic. Or if I personally suck at it and this one is definitely the latter as my Windows sysadmin skills are not great. With that being said, feel free to join me as I quick work on the Skills Assessment portion of the HTB Academy Windows Fundamentals module.

Preignition

October 14, 2025 - 3 mins read

Looks like for this box we’re going to be using Gobuster to do some web directory brute forcing shenanigans. After starting our Pwnbox and letting our instance spawn in we’re going to address the first task. Task 1 Dir busting is the other name for directory brute forcing, so that’s that. Task 2 That’s going to be the -sV flag in order to tell Nmap to do version detection (as we’ll see later).

Meerkat

September 13, 2025 - 10 mins read

HackTheBox Sherlocks: Meerkat Walkthrough Hello everyone and welcome to my first Sherlock writeup! I’ve done a few other HTB writeups before, but we’re going to start doing a few more of their Sherlock challenges. With the Holmes CTF fast approaching I figured this was a good time for all of us to brush up on our blue teams skills and start doing some investigating. What Are Sherlocks? Sherlocks are a HacktheBox (HTB) challenge type that more so revolve around digital forensics, network traffic analysis, malware analysis and so on.