CTF Write-ups — ByteGuard

CTF write-ups exist on every blog. The one thing I try to do differently here is end each write-up with what the box teaches the defender: what would have stopped the chain, what to check on your own infra, and which CVE class it maps to.

If you're here for the walkthrough alone, the steps are still standard. If you self-host or run production infra, scroll to the "What this teaches the defender" section at the bottom of each post.


HackTheBox

  • Lame — the eternal first box — Samba 3.x usermap_script. Defender takeaway: why long-EOL software on the perimeter is the actual root cause, not the CVE itself.
  • *(More boxes published weekly — the next one is queued.)*

TryHackMe

  • *Coming up in the Phase 4 plan.*

Categories I cover

  • Linux privesc — kernel exploits, SUID/SGID, cron, capabilities
  • Web exploitation — SSRF, XXE, deserialization, auth bypass — the ones you'd actually see on a self-hosted app
  • Network services — Samba, NFS, FTP, the long tail of "why is that still open"

Why CTFs are useful for self-hosters

Reading CTF write-ups is the fastest way to internalize what the other side is checking when they scan your IP. If you've seen ten boxes that fell to a default SNMP community string, you'll never deploy SNMP without changing the community string. If you've seen ten boxes that fell to python -c '__import__("os")...' injected through a search field, you'll never trust a search field again.

It's not entertainment. It's a defender's training corpus.
