protocol1337
Security research, penetration-testing notes, and the occasional blue-team detour. Breaking things to understand them — then writing down how it actually worked.
// offense informs defense. both get documented here.
Latest posts
Fresh writeups, newest first.
Methodical Linux Privilege Escalation: Enumerate First, Guess Never
Root isn't found, it's enumerated. The checklist mindset that turns a low-priv shell into a plan instead of a frantic guessing game.
Kerberoasting, Explained: Why Service Accounts Are a Liability
How one weak service-account password becomes domain-wide pain — the offense, and the exact signals blue teams should be alerting on.
From Reflected XSS to Account Takeover: Thinking in Chains
Single bugs are boring; chains are where the impact lives. Walking the attacker mindset that links low-severity findings into a real finding.
Detection Engineering for the Offensively-Minded
The best detections come from people who know how the attack actually works. Turning TTPs into signal instead of dashboard noise.
// whoami
Notes from both sides of the engagement
I spend my time finding the ways in — web app logic flaws, Active Directory misconfigurations, the privilege-escalation path everyone walked past. Mostly offense, because the fastest way to understand a system is to try to break it.
But the report is the point. This blog is where the engagement gets written down: the attacker mindset that connects findings into impact, the detections that would have caught it, and enough blue-team context to make the fix stick. Real methodology, lab-safe, no edgelord nonsense.