Writeups > Security Research

In-depth analysis of security research, CTF challenges, and real-world attack scenarios. Each writeup includes detailed methodology, tools used, and step-by-step solutions.

When npm install Gets You Hacked: Simulating the Famous Chollima Job Scam Campaign

Hard

A red team simulation inspired by North Korean APT group Famous Chollima, demonstrating how malicious npm packages can be weaponized in fake job recruitment campaigns targeting developers.

JavaScript, Python, Red Teaming, APT, Lazarus Group
2025-07-11

How to Hijack a Windows System with Nothing but Built-in Tools

Hard

A realistic multi-stage attack demonstration using only built-in Windows tools, showcasing advanced red teaming techniques.

Windows, Red Teaming, Privilege Escalation, Lateral Movement
2025-03-20

FileFix: A Simple Social Engineering Trick That Launches PowerShell from the Browser

Medium

The goal of the FileFix attack is to get the victim to unknowingly execute a malicious command that looks like a regular file path.

Social Engineering, PowerShell, Phishing, Red Teaming
2025-06-25

HackTheBox - Machine Name

Hard

Detailed walkthrough of a challenging machine with multiple attack vectors.

Windows, Active Directory, Privilege Escalation
2024-03-15

TryHackMe - Room Name

Easy

Step-by-step guide through a beginner-friendly room covering basic concepts.

Linux, Web, Network
2024-03-10

VulnHub - VM Name

Medium

Comprehensive analysis of a vulnerable machine with detailed exploitation steps.

Linux, Privilege Escalation, Web
2024-03-05

// Note: All writeups are for educational purposes only

// Use the knowledge responsibly and ethically

// Respect the platforms' terms of service