TryHackMe Writeups Overview
Welcome to my collection of TryHackMe writeups. This section of my portfolio is dedicated to documenting my technical journey through various cybersecurity challenges.
As I study software development and testing, I use these writeups to bridge the gap between theoretical knowledge and practical, hands-on experience in IT Security, Operations, and network infrastructures.
What These Writeups Cover
Each writeup in this folder is designed as an analytical breakdown of a compromised room, rather than a simple set of instructions. My documentation focuses on:
- Comprehensive Enumeration: The initial discovery phase and scanning techniques used to identify targets.
- Exploitation Methodologies: Step-by-step walkthroughs of how vulnerabilities were identified and leveraged.
- Privilege Escalation: Detailed accounts of moving from initial access to full system or root control.
- Security Fundamentals: I aim to explain not just the "how" of a capture, but the "why"—analyzing the underlying reasons specific vulnerabilities exist in the first place.
Core Technical Focus
My research typically centers on several key domains found within the challenges in this directory:
- Windows and Active Directory: Exploiting Domain Controllers through methods like Kerberos enumeration, AS-REP Roasting, and DCSync attacks, as well as leveraging specific Windows privileges like SeImpersonatePrivilege.
- Web Exploitation: Analyzing diverse flaws including Insecure Direct Object References (IDOR), PHP Padding Oracle attacks, and session hijacking.
- Container and Kernel Security: Investigating Docker environments, escaping containers through shared mounts, and implementing advanced escapes using custom kernel modules.
- Emerging Technologies: Identifying logic flaws in Web3 environments and Solidity-based smart contracts.
I hope these writeups provide clear insights into my methodologies and technical approach to offensive and defensive security research.