https://z-r0crypt.github.io/posts/ Recent content in Posts on z-r0crypt Hugo en-us Fri, 13 Jun 2025 00:00:00 +0000 https://z-r0crypt.github.io/posts/2025-06-13-oscp-to-osep-red-team-gap/ Fri, 13 Jun 2025 00:00:00 +0000 https://z-r0crypt.github.io/posts/2025-06-13-oscp-to-osep-red-team-gap/ What OSCP doesn't teach you and why it matters for real enterprise work. A practitioner's perspective on the gap between entry-level certification and red team readiness, written after passing OSCP in 2017 and OSEP while actively working in red teaming. https://z-r0crypt.github.io/posts/2023-08-20-sssd-extract-v2/ Sun, 20 Aug 2023 00:00:00 +0000 https://z-r0crypt.github.io/posts/2023-08-20-sssd-extract-v2/ How to extract cached Active Directory credentials, group memberships, user accounts and machine accounts from SSSD on domain-joined Linux systems. Includes extended fork with domain enumeration added during OSEP preparation. https://z-r0crypt.github.io/posts/2023-04-27-htb-osep-machines/ Thu, 27 Apr 2023 00:00:00 +0000 https://z-r0crypt.github.io/posts/2023-04-27-htb-osep-machines/ Curated list of HTB machines mapped to every PEN-300 syllabus topic: client-side execution, AV evasion, AD exploitation, MSSQL abuse, lateral movement and more. Includes TJNull OSEP-like list. https://z-r0crypt.github.io/posts/2021-01-25-dangerous-php-functions/ Mon, 25 Jan 2021 00:00:00 +0000 https://z-r0crypt.github.io/posts/2021-01-25-dangerous-php-functions/ Complete reference of PHP functions exploitable for RCE, LFI, information disclosure and filesystem manipulation. Includes grep and semgrep patterns for source code review, PHP version notes, and exploitation context for OSWE/AWAE. https://z-r0crypt.github.io/posts/2020-02-05-crypto-week2-part2/ Wed, 05 Feb 2020 00:00:00 +0000 https://z-r0crypt.github.io/posts/2020-02-05-crypto-week2-part2/ Deep dive into CBC/CTR implementation details, IV/nonce management, padding oracle attacks, and performance comparison of encryption modes. https://z-r0crypt.github.io/posts/2020-02-03-crypto-week2-part1/ Mon, 03 Feb 2020 00:00:00 +0000 https://z-r0crypt.github.io/posts/2020-02-03-crypto-week2-part1/ Block cipher theory, PRP/PRF security, ECB/CBC/CTR modes, IV construction, and semantic security under chosen-plaintext attack (CPA). https://z-r0crypt.github.io/posts/2020-01-22-oswe-awae-prep/ Wed, 22 Jan 2020 00:00:00 +0000 https://z-r0crypt.github.io/posts/2020-01-22-oswe-awae-prep/ Complete OSWE/AWAE preparation guide from someone who passed in 2020. Curated resources by vulnerability class, exam strategy, and what actually matters for the 48-hour exam. https://z-r0crypt.github.io/posts/2019-11-25-microcorruption-ctf/ Mon, 25 Nov 2019 00:00:00 +0000 https://z-r0crypt.github.io/posts/2019-11-25-microcorruption-ctf/ Hands-on guide to MSP430 assembly debugging and memory corruption exploitation in Microcorruption CTF challenges. https://z-r0crypt.github.io/posts/2019-11-24-crypto-stanford-week1/ Sun, 24 Nov 2019 00:00:00 +0000 https://z-r0crypt.github.io/posts/2019-11-24-crypto-stanford-week1/ Stream cipher security, pseudo-random generators, information-theoretic security, and practical attacks on weak PRGs. Stanford Cryptography I Week 1.