After five years of trying harder, my OSCE³ journey has officially come to an end. What began during the uncertainty of the pandemic has finally led to this moment.

I began my CAPE journey a few weeks after its release on December 11, 2024. Fast forward to 2025, after a year of a love-hate relationship with Active Directory, I was able to complete the course and passed the hardest AD security certification that I've taken.

In this post, I would like to share my experience taking the CAPE exam and my journey toward becoming a Certified Active Directory Pentesting Expert (CAPE). I hope this brief write-up provides insights into what the course offers, what to expect from the exam, and a few helpful tips for future CAPE candidates.

The last HackTheBox Pro Labs scenario I completed was Cybernetics (23 machines), which I used to prepare for PEN-300: Evasion Techniques and Breaching Defenses course and OSEP exam back in 2022. Fast forward to a few weeks ago, I decided to take on another challenge, this time I went to solve Ifrit, one of the smaller Pro Labs in the HTB ecosystem.

In this two-part tutorial, I will walk you through the development of a complete exploit for a remote buffer overflow vulnerability in Sync Breeze 10.0.28. The exploit leverages Return Oriented Programming (ROP) and abuses the WriteProcessMemory (WPM) API to bypass Microsoft’s security feature known as Data Execution Prevention (DEP).

In this post, I’d like to share my experience conducting a cloud security assessment of the HackTheBox BlackSky: Cyclone

This isn’t your usual CTF. That was the first thing that crossed my mind when I fired up BlackSky: Hailstorm, one of the three professional cloud labs offered by Hack The Box.

In this post, I would like to share a brief review and some personal insights from my experience taking the HackTheBox Penetration Testing Path and CPTS exam.