{ "updated": "2026-06-02T07:37:28.910Z", "posts": [ { "id": "kubernetes-primitives", "title": "Kubernetes Primitives", "category": "Kubernetes", "summary": "Kubernetes only makes sense once the lower-level pieces are stable. This note builds from process, port, DNS, HTTP, proxy, NAT, firewall, and labels into Pod, Service, NetworkPolicy, and Ingress.", "date": "2026-06-01" }, { "id": "kubernetes-storage-rbac-config-primitives", "title": "Kubernetes Storage, Config, Secrets, and RBAC Primitives", "category": "Kubernetes", "summary": "Kubernetes storage, ConfigMaps, Secrets, ServiceAccounts, and RBAC make more sense once the base ideas are clear: files, mounts, persistence, environment variables, identity, authentication, authorization, tokens, and permissions.", "date": "2026-06-01" }, { "id": "arp-spoofing", "title": "ARP spoofing", "category": "Linux Networking", "summary": "ARP has no authentication. Any machine on the local network can send a fake reply claiming to own any IP. This is how the neighbour table gets poisoned, how traffic gets intercepted, and exactly what happens at the packet level.", "date": "2026-05-27" }, { "id": "ingress", "title": "Ingress", "category": "Kubernetes", "summary": "Ingress is not the thing that magically opens the cluster to the internet. The exposed Service gets traffic to the Ingress controller. The Ingress controller is the actual reverse proxy. The Ingress resource is only the routing rules the controller reads.", "date": "2026-05-27" }, { "id": "k8s-16-containerd-crictl-ctr", "title": "containerd, crictl, and ctr", "category": "Kubernetes", "summary": "containerd is the runtime that actually creates and runs containers. crictl is the Kubernetes-aware CLI for talking to it directly. ctr is containerd's own lower-level CLI. When kubectl stops working, these are what you use.", "date": "2026-05-27" }, { "id": "k8s-17-runc", "title": "runc", "category": "Kubernetes", "summary": "runc is the OCI runtime that actually creates container processes. It takes a bundle — a rootfs and a config.json — and makes the Linux syscalls to set up namespaces, cgroups, capabilities, and start the process. Everything above it (containerd, kubelet, Kubernetes) is orchestration. runc is where the container actually comes into existence.", "date": "2026-05-27" }, { "id": "cka-networking-dns", "title": "Kubernetes Networking — DNS", "category": "CKA", "summary": "CoreDNS resolves Service names inside the cluster. Every pod gets a resolv.conf pointing at CoreDNS. Know the DNS format and what breaks when CoreDNS is down.", "date": "2026-05-26" }, { "id": "cka-networking-ingress", "title": "Kubernetes Networking — Ingress", "category": "CKA", "summary": "Ingress is HTTP routing rules. The Ingress Controller is the actual proxy that reads those rules and handles traffic. One without the other does nothing.", "date": "2026-05-26" }, { "id": "cka-networking-networkpolicy", "title": "Kubernetes Networking — NetworkPolicy", "category": "CKA", "summary": "NetworkPolicy is traffic rules for pods. Without a CNI that enforces it, the object exists but does nothing. Default deny blocks everything, then you allow specific paths.", "date": "2026-05-26" }, { "id": "cka-networking-nodeport", "title": "Kubernetes Services — NodePort", "category": "CKA", "summary": "NodePort opens a port on every node in the cluster. Traffic hitting any node on that port reaches the Service and gets forwarded to pods.", "date": "2026-05-26" }, { "id": "kubernetes-services-clusterip-mini-labs", "title": "Kubernetes Services — ClusterIP", "category": "CKA", "summary": "A ClusterIP is a stable virtual IP that routes to pods by label selector. No selector match means no endpoints means no traffic.", "date": "2026-05-26" }, { "id": "drop-in-d-directories", "title": "The .d directory convention", "category": "Linux", "summary": "", "date": "2026-05-24" }, { "id": "weekly-80-20-commands", "title": "Weekly 80/20 command reference", "category": "Bottom-up DevSecOps", "summary": "Commands to run weekly for muscle memory. Process, network, kernel, namespaces, filesystem, services, security, firewall. Not HTB-only — general Linux + security ops.", "date": "2026-05-21" }, { "id": "80-20-01-rings", "title": "CPU rings - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What CPU privilege rings are, why only two get used, where the hypervisor fits, and why this is the hardware foundation that everything else builds on.", "date": "2026-05-19" }, { "id": "80-20-02-syscalls", "title": "Syscalls - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What a syscall actually is, how it crosses the ring boundary, what it looks like in practice with strace, and why everything on Linux bottoms out here.", "date": "2026-05-19" }, { "id": "80-20-03-processes", "title": "Processes - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What a process actually is in the kernel, what state it holds, how to inspect it, and why this matters for debugging and security.", "date": "2026-05-19" }, { "id": "80-20-04-file-descriptors", "title": "File descriptors - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What a file descriptor actually is, why 0/1/2 are always there, what the fd table looks like in /proc, and why this matters for debugging and security.", "date": "2026-05-19" }, { "id": "80-20-05-sockets-struct", "title": "Sockets (the struct) - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What a socket is as a kernel data structure, what fields it holds, and how it connects to the fd table and the network stack.", "date": "2026-05-19" }, { "id": "80-20-06-permissions", "title": "Permissions - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What permissions are at the inode level, how the bits map to rwx and SUID, how capabilities extend the model, and what this means for privilege escalation.", "date": "2026-05-19" }, { "id": "80-20-07-namespaces", "title": "Namespaces - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What Linux namespaces are, what each one isolates, how containers use them, and why the isolation is policy not hardware.", "date": "2026-05-19" }, { "id": "80-20-08-interfaces", "title": "Interfaces - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What a network interface is in the kernel, what fields it holds, how to read ip link output, and what carrier vs operstate actually means.", "date": "2026-05-19" }, { "id": "80-20-09-addresses", "title": "Addresses - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What the kernel's address table is, how IPs attach to interfaces, what scope means, and what adding an address actually does.", "date": "2026-05-19" }, { "id": "80-20-10-routes", "title": "Routes - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What the routing table is, how the kernel picks a route, what the default route does, and how to debug routing problems.", "date": "2026-05-19" }, { "id": "80-20-11-neighbours", "title": "Neighbours - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What the neighbour table is, how ARP fills it, what the states mean, and why a FAILED gateway entry breaks all internet access.", "date": "2026-05-19" }, { "id": "80-20-12-sockets-table", "title": "Sockets table - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What the socket table looks like from ss, what each state means, how to read Recv-Q and Send-Q, and what the bind address tells you.", "date": "2026-05-19" }, { "id": "80-20-13-conntrack", "title": "Conntrack - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What conntrack is, why stateful firewalls and NAT depend on it, what the states mean, and what happens when the table fills.", "date": "2026-05-19" }, { "id": "80-20-14-firewall-rules", "title": "Firewall rules - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What Netfilter is, where in the packet path rules run, what the tables are, how to read iptables output, and why the wrong chain is the most common mistake.", "date": "2026-05-19" }, { "id": "80-20-15-proc-pid", "title": "/proc/pid - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What /proc// is, which files matter, what each one contains, and how to use it when tools are not available.", "date": "2026-05-19" }, { "id": "80-20-16-proc-sys-net", "title": "/proc/sys/net - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What /proc/sys/net/ is, which parameters matter, how to read and write them, and how to make changes persistent.", "date": "2026-05-19" }, { "id": "80-20-17-sys-class-net", "title": "/sys/class/net - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What /sys/class/net/ exposes, which files matter per interface, how it differs from /proc, and when to use it.", "date": "2026-05-19" }, { "id": "80-20-18-dmesg", "title": "dmesg - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What dmesg is, what goes into it, how to read it, and when it is the only place that tells you what actually happened.", "date": "2026-05-19" }, { "id": "80-20-19-sysctl", "title": "sysctl - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What sysctl is, how it maps to /proc/sys/, which parameters you will actually use, and how to persist changes.", "date": "2026-05-19" }, { "id": "80-20-20-strace", "title": "strace - the 80/20", "category": "Bottom-up DevSecOps", "summary": "What strace is, how to use it to see what a process actually does, how to filter output, and when it is the only tool that tells you the truth.", "date": "2026-05-19" }, { "id": "privilege-escalation-suid-path-hijacking", "title": "Privilege escalation - SUID, PATH hijacking, and writable paths", "category": "Bottom-up DevSecOps", "summary": "What SUID is at the kernel level, how PATH hijacking works, how to find writable paths and SUID binaries, and how process inspection from article 1 connects to actual privilege escalation.", "date": "2026-05-19" }, { "id": "process-inspection-ps-aux-to-socket", "title": "Process inspection - from ps aux to socket", "category": "Bottom-up DevSecOps", "summary": "What ps aux, /proc, file descriptors, and ss actually are, how they connect, and how to drill from a process down to an open socket. Includes a real example walked step by step.", "date": "2026-05-19" }, { "id": "ref-disk-fs-tools", "title": "Disk and filesystem tools reference", "category": "Reference", "summary": "df, lsblk, fdisk, mount, lsof — what each does, when to use it, real examples.", "date": "2026-05-19" }, { "id": "ref-kernel-tools", "title": "Kernel tools reference", "category": "Reference", "summary": "dmesg, sysctl, /proc/sys, /sys — what each does, when to use it, real examples.", "date": "2026-05-19" }, { "id": "ref-networking-tools", "title": "Networking tools reference", "category": "Reference", "summary": "ip, ss, tcpdump, conntrack, nft, iptables — what each does, when to use it, real examples.", "date": "2026-05-19" }, { "id": "ref-process-tools", "title": "Process tools reference", "category": "Reference", "summary": "ps, pgrep, lsof, strace, /proc — what each does, when to use it, real examples.", "date": "2026-05-19" }, { "id": "ref-security-tools", "title": "Security tools reference", "category": "Reference", "summary": "auditctl, ausearch, capabilities, /proc status — what each does, when to use it, real examples. The security inspection layer.", "date": "2026-05-19" }, { "id": "ref-systemd-tools", "title": "Systemd tools reference", "category": "Reference", "summary": "systemctl, journalctl, systemd-analyze, resolvectl, networkctl, loginctl — what each does, when to use it, real examples.", "date": "2026-05-19" }, { "id": "cpu-privilege-rings", "title": "CPU privilege rings, just enough", "category": "Bottom-up DevSecOps", "summary": "What the four CPU rings are, why only two get used, where the hypervisor fits, and why this matters for containers and kernel modules.", "date": "2026-05-18" }, { "id": "glossary-01-system-words", "title": "System Words", "category": "glossary", "summary": "State, context, runtime, environment, configuration, setting, metadata, resource, object, entity, instance, lifecycle, and dependency — explained through how they actually work, not just what they are.", "date": "2026-05-18" }, { "id": "what-is-below-c-and-assembly", "title": "What is below C and assembly", "category": "Bottom-up DevSecOps", "summary": "The full stack from C source code down to electron behaviour in doped silicon. Nothing is magic, nothing is out of thin air.", "date": "2026-05-18" }, { "id": "01-interfaces-addresses-routes", "title": "Interfaces, IP addresses, and routes", "category": "Linux Networking", "summary": "Three kernel objects underpin all Linux networking. An interface is the send/receive endpoint. An IP address is identity attached to that endpoint. A route is the rule that decides which endpoint a packet leaves through.", "date": "2026-05-16" }, { "id": "02-arp-and-neighbors", "title": "ARP and the neighbor table", "category": "Linux Networking", "summary": "IP routing picks a next-hop IP. Ethernet needs a MAC address. ARP is how the kernel resolves one to the other. The neighbor table is where it caches the results.", "date": "2026-05-16" }, { "id": "03-nat-and-masquerade", "title": "NAT and MASQUERADE", "category": "Linux Networking", "summary": "NAT rewrites IP addresses as packets pass through a router. MASQUERADE is a specific form of NAT that automatically uses the outbound interface's IP as the source. Together they let many private IPs share one public IP — which is how your home router and every container runtime works.", "date": "2026-05-16" }, { "id": "04-namespaces-veth-bridges", "title": "Network namespaces, veth pairs, and bridges", "category": "Linux Networking", "summary": "A network namespace is an isolated copy of the kernel's networking stack. A veth pair is a virtual cable. A bridge is a software switch. Together they are the plumbing behind every container network.", "date": "2026-05-16" }, { "id": "05-iptables-tables-chains", "title": "iptables — tables, chains, and how rules are evaluated", "category": "Linux Networking", "summary": "iptables is a userspace tool that installs rules into the kernel's netfilter packet filtering framework. Rules live in chains. Chains live in tables. Every packet walks a chain until a rule matches or it falls through to the default policy.", "date": "2026-05-16" }, { "id": "06-iptables-writing-rules", "title": "iptables — writing rules from scratch", "category": "Linux Networking", "summary": "A rule has three parts: match criteria, target, and the chain it belongs to. This article builds rules from first principles and shows how to construct a working firewall from nothing.", "date": "2026-05-16" }, { "id": "07-iptables-nat-nftables", "title": "iptables — NAT table, DNAT, port forwarding, and nftables", "category": "Linux Networking", "summary": "The nat table handles address translation. DNAT rewrites the destination — this is how port forwarding works. nftables is the modern replacement for iptables with a unified syntax.", "date": "2026-05-16" }, { "id": "08-ip-header", "title": "The IP header", "category": "TCP/IP", "summary": "Every packet on the internet has an IP header. It carries the source and destination address, the TTL, the protocol, and fragmentation information. Reading it explains routing, firewalls, traceroute, and NAT.", "date": "2026-05-16" }, { "id": "09-tcp-handshake-states", "title": "TCP — handshake, states, and TIME_WAIT", "category": "TCP/IP", "summary": "TCP is a reliable stream protocol. Reliability requires setup, teardown, and state on both ends. The three-way handshake establishes a connection. States track where each endpoint is in the connection lifecycle. TIME_WAIT is why ports appear stuck after a connection closes.", "date": "2026-05-16" }, { "id": "10-rst-fin", "title": "RST vs FIN — connection abort vs graceful close", "category": "TCP/IP", "summary": "FIN is a graceful close. RST is an immediate abort. They look different in captures, mean different things to the application, and are what you see when nmap reports closed or filtered ports.", "date": "2026-05-16" }, { "id": "11-udp-icmp", "title": "UDP and ICMP", "category": "TCP/IP", "summary": "UDP sends datagrams with no handshake, no acknowledgement, no state. ICMP carries control messages about IP delivery — ping and traceroute are built on it. Both matter for DNS, nmap, and network debugging.", "date": "2026-05-16" }, { "id": "12-everything-is-a-file", "title": "Everything is a file — inodes, file descriptors, and /dev", "category": "Linux Process and File Fundamentals", "summary": "In Linux, almost everything is represented as a file. Sockets, pipes, devices, and processes all use the same open/read/write/close interface. File descriptors are the kernel's handles for any open resource.", "date": "2026-05-16" }, { "id": "13-permissions", "title": "File permissions — read, write, execute, owner, group", "category": "Linux Process and File Fundamentals", "summary": "Every file has an owner, a group, and three sets of permissions. The kernel checks these on every file access. Understanding them is mandatory for privilege escalation, hardening, and debugging \"permission denied\".", "date": "2026-05-16" }, { "id": "bottom-up-01-linux-processes-are-not-magic", "title": "Linux processes are not magic", "category": "Bottom-up DevSecOps", "summary": "A process is a running program plus kernel state. Inspect PID, parent, environment, cwd, file descriptors, and /proc until it stops feeling invisible.", "date": "2026-05-16" }, { "id": "bottom-up-02-linux-permissions-suid-and-root", "title": "Linux permissions, SUID, and why root matters", "category": "Bottom-up DevSecOps", "summary": "Permissions are kernel access checks. Build files, change owners/modes, inspect SUID, and prove why one bit can become privilege escalation.", "date": "2026-05-16" }, { "id": "bottom-up-03-tcp-handshake-with-tcpdump", "title": "TCP handshake with tcpdump", "category": "Bottom-up DevSecOps", "summary": "Capture one real TCP connection and read SYN, SYN-ACK, ACK, sequence numbers, ports, and socket state.", "date": "2026-05-16" }, { "id": "bottom-up-04-open-closed-filtered-at-packet-level", "title": "Open, closed, filtered at packet level", "category": "Bottom-up DevSecOps", "summary": "Recreate nmap states yourself with a listener, an empty port, and firewall rules. Then prove each state with tcpdump.", "date": "2026-05-16" }, { "id": "bottom-up-05-dns-from-query-to-answer", "title": "DNS from query to answer", "category": "Bottom-up DevSecOps", "summary": "Follow one DNS name from your machine to resolver, root, TLD, authoritative server, answer, and cache.", "date": "2026-05-16" }, { "id": "bottom-up-06-linux-dns-config-and-kubernetes-dns-weirdness", "title": "Linux DNS config and Kubernetes DNS weirdness", "category": "Bottom-up DevSecOps", "summary": "Understand resolv.conf, search domains, and ndots before Kubernetes DNS makes normal names explode into several queries.", "date": "2026-05-16" }, { "id": "ip-link-addr-route-neigh-relationship", "title": "How ip link, ip addr, ip route, and ip neigh fit together", "category": "Networking in 60 Seconds Notes", "summary": "Four views into Linux kernel networking state: interfaces, addresses, routes, and neighbor mappings.", "date": "2026-05-13" }, { "id": "ip-link-kernel-interface-state", "title": "ip link in 60 seconds", "category": "Networking in 60 Seconds", "summary": "Read and change Linux network-interface state: names, flags, MACs, MTU, promiscuous mode, and virtual links.", "date": "2026-05-13" }, { "id": "mac-addresses-why-care", "title": "Why care about MAC addresses?", "category": "Networking in 60 Seconds Notes", "summary": "Why MAC addresses matter, when changing one helps, and where MAC spoofing fits in HTB/pentest work.", "date": "2026-05-13" }, { "id": "mac-spoofing", "title": "MAC spoofing in 60 seconds", "category": "Networking in 60 Seconds", "summary": "Change the MAC address Linux uses on an interface, renew DHCP, and prove the new Layer 2 identity is visible on the LAN.", "date": "2026-05-13" }, { "id": "what-is-a-network-interface", "title": "What is a network interface?", "category": "Networking in 60 Seconds Notes", "summary": "A network interface is the kernel's named send/receive endpoint for packets. It may be hardware, virtual hardware, or pure software.", "date": "2026-05-13" }, { "id": "arp-spoofing-lab-lan", "title": "ARP spoofing in 60 seconds: become the gateway on a lab LAN", "category": "Networking in 60 Seconds", "summary": "Three machines, one gateway, one lie. Poison ARP, redirect a victim through your box, and watch the neighbor table change in real time.", "date": "2026-05-12" }, { "id": "arp-table-populates", "title": "ARP in 60 seconds: ping a new host and watch the table populate", "category": "Networking in 60 Seconds", "summary": "Start with an empty neighbor table, ping a local host, capture the ARP request and reply, and watch Linux learn the MAC address it needs.", "date": "2026-05-12" }, { "id": "mac-addresses-change-one", "title": "MAC addresses in 60 seconds: change one and watch the LAN notice", "category": "Networking in 60 Seconds", "summary": "Find your interface MAC, change it with macchanger, reconnect, and see why Layer 2 identity is local to a network segment.", "date": "2026-05-12" }, { "id": "why-nc-listeners-die-after-nmap-scan", "title": "Why nc listeners die after an nmap scan", "category": "Networking in 60 Seconds", "summary": "Why netcat listeners exit after an nmap SYN scan and how half-open scans actually work.", "date": "2026-05-12" }, { "id": "why-nmap-shows-random-service-names-for-nc", "title": "Why nmap shows random service names for nc", "category": "Networking in 60 Seconds", "summary": "Why nmap labels netcat listeners as random services like SSH or HTTP even when those services are not actually running.", "date": "2026-05-12" }, { "id": "00-how-program-sends-bytes", "title": "What the OS does when you open a socket", "category": "Networking in 60 Seconds", "summary": "Three lines of Python. What the kernel actually does on each line.", "date": "2026-05-11" }, { "id": "01-url-journey", "title": "What happens when you type a URL", "category": "Networking in 60 Seconds", "summary": "The whole journey — DNS → TCP → TLS → HTTP — captured in one pcap. The map before the terrain.", "date": "2026-05-11" }, { "id": "02-ethernet-frames", "title": "Ethernet frames", "category": "Networking in 60 Seconds", "summary": "Every packet on a LAN sits inside an Ethernet frame. Capture one, decode the bytes, see the header.", "date": "2026-05-11" }, { "id": "02b-ethernet-frames-kernel", "title": "Ethernet frames at the kernel level", "category": "Networking in 60 Seconds", "summary": "Why frames matter. What the kernel does when sending one, what it does when receiving one. The role of EtherType as the kernel's protocol dispatcher.", "date": "2026-05-11" }, { "id": "03-mac-addresses", "title": "MAC addresses", "category": "Networking in 60 Seconds", "summary": "48 bits, half vendor half serial, two flag bits, one broadcast. Read them, decode them, change them, restore them.", "date": "2026-05-11" }, { "id": "04-arp", "title": "ARP — how IPs become MACs", "category": "Networking in 60 Seconds", "summary": "The kernel needs a MAC to put a frame on the wire. ARP is how it finds one. Flush, ping, capture, watch the table populate.", "date": "2026-05-11" }, { "id": "05-arp-spoofing", "title": "ARP spoofing — poisoning the table", "category": "Networking in 60 Seconds", "summary": "ARP has no authentication. Anyone on the segment can claim to be any IP. Demo the attack from the Debian VM against the M1, then defend.", "date": "2026-05-11" }, { "id": "06-switches-vs-hubs", "title": "Switches vs hubs", "category": "Networking in 60 Seconds", "summary": "Hub = blast every frame to every port. Switch = learn MACs, forward only where needed. Build a switch on the VM with namespaces + bridge, watch the MAC table fill.", "date": "2026-05-11" }, { "id": "28-nat", "title": "NAT — rewriting addresses in flight", "category": "Networking in 60 Seconds", "summary": "NAT = the kernel rewrites IP/port fields on packets as they pass through. Three flavours (SNAT, DNAT, MASQUERADE). Demo port forwarding from the M1 into the Debian VM.", "date": "2026-05-11" }, { "id": "34-tcp-states", "title": "TCP states — what ss shows you", "category": "Networking in 60 Seconds", "summary": "Every TCP socket is in one of ~11 states at any moment. Watch ss as a connection opens, runs, and closes. Force the rare states (SYN-SENT, CLOSE-WAIT, TIME-WAIT) deliberately.", "date": "2026-05-11" }, { "id": "89-iptables", "title": "iptables — the full picture", "category": "Networking in 60 Seconds", "summary": "Tables, chains, the packet flow diagram, practical patterns. The mental model that makes every iptables command stop feeling random.", "date": "2026-05-11" }, { "id": "build-a-tiny-firewall", "title": "Build a tiny firewall to understand nmap states", "category": "Networking in 60 Seconds", "summary": "Two machines, three ports, three iptables rules, one scan. Produce open / closed / filtered from rules you wrote yourself. Then break your own firewall with evasion techniques.", "date": "2026-05-11" }, { "id": "kernel-primer", "title": "The kernel, just enough for networking", "category": "Networking in 60 Seconds", "summary": "What the kernel is, the two zones, the network stack inside the kernel, the tables it keeps, and how userspace talks to it. No more, no less.", "date": "2026-05-11" }, { "id": "debian-arm64-vm-dotfiles", "title": "Debian arm64 CLI VM dotfiles + setup script", "category": "Tools", "summary": "", "date": "2026-05-06" }, { "id": "debian-cli-vm-utm-htb", "title": "Debian CLI-only VM on UTM for HTB", "category": "HTB", "summary": "Install Debian CLI only for HTB on M1", "date": "2026-05-06" }, { "id": "nmap-reference", "title": "Nmap reference", "category": "HTB", "summary": "nmap reference", "date": "2026-05-06" }, { "id": "nmap-scripts", "title": "Which nmap scripts", "category": "Questions", "summary": "nmap scripts", "date": "2026-05-06" }, { "id": "quick-nmap-htb", "title": "Quick nmap start for HTB", "category": "HTB", "summary": "nmap start on htb", "date": "2026-05-06" }, { "id": "running-commands-blindly-htb", "title": "Running commands blindly", "category": "Questions", "summary": "running commands blindly", "date": "2026-05-06" }, { "id": "tcpdump-nc-banner-htb", "title": "Tcpdump NC and banner grabbing", "category": "HTB", "summary": "tcpdump nc and banner grabbing", "date": "2026-05-06" }, { "id": "how-do-people-find-bugs", "title": "How does anyone actually find these bugs?", "category": "Questions", "summary": "Pattern recognition and time investment", "date": "2026-05-05" }, { "id": "nmap-questions-htb", "title": "Nmap Questions", "category": "Questions", "summary": "nmap -sn ttl packet trace", "date": "2026-05-05" }, { "id": "understanding-nmap-script-vuln-results", "title": "Understanding nmap script vuln results", "category": "Questions", "summary": "nmap script vuln results", "date": "2026-05-05" }, { "id": "cookies", "title": "Cookies", "category": "Web in 60 Seconds", "summary": "HTTP is stateless. Cookies are how you fake continuity.", "date": "2026-05-01" }, { "id": "cors", "title": "CORS", "category": "Web in 60 Seconds", "summary": "Why your fetch is blocked. The browser rule, not a server one.", "date": "2026-05-01" }, { "id": "graphql", "title": "GraphQL", "category": "Web in 60 Seconds", "summary": "One endpoint, one query, exactly the fields you want. The REST alternative.", "date": "2026-05-01" }, { "id": "jwt", "title": "JWT", "category": "Web in 60 Seconds", "summary": "A signed token with identity inside. No DB lookup, just verify the signature.", "date": "2026-05-01" }, { "id": "session-hijacking", "title": "Session Hijacking", "category": "Web in 60 Seconds", "summary": "Decoding a cookie is easy. Modifying it isn't. Reusing it is the real risk.", "date": "2026-05-01" }, { "id": "sessions-explained", "title": "Sessions Explained (Flask)", "category": "Web in 60 Seconds", "summary": "What actually happens when Flask sets a session — JSON to base64 to signed cookie and back.", "date": "2026-05-01" }, { "id": "sessions", "title": "Sessions", "category": "Web in 60 Seconds", "summary": "Cookies identify. Sessions are where \"you are logged in\" actually lives.", "date": "2026-05-01" }, { "id": "webhooks", "title": "Webhooks", "category": "Web in 60 Seconds", "summary": "An HTTP POST sent to a URL when something happens. The opposite of an API call.", "date": "2026-05-01" }, { "id": "htb-easy-playbook", "title": "HTB Easy Box Playbook", "category": "Methodology", "summary": "Standard recon-to-root methodology for easy HTB boxes. 80% of easy boxes follow this exact pattern. The skill is recognising which step you're on and moving efficiently.", "date": "" } ] }