https://kondred.com Cybersecurity Portfolio & Knowledge Base — HTB Writeups, Notes, and Blog en Sat, 20 Jun 2026 13:11:02 GMT https://kondred.com/htb/variatype https://kondred.com/htb/variatype Sat, 14 Mar 2026 00:00:00 GMT VariaType is a Hack The Box machine that involves exploiting vulnerabilities in font generation tools to gain initial access and escalate privileges to root. https://kondred.com/htb/cctv https://kondred.com/htb/cctv Sat, 07 Mar 2026 00:00:00 GMT Known CVE for initial access through a web-based surveillance platform, credential reuse for lateral movement, and privilege escalation via an internal service running as root. https://kondred.com/notes/ez-tools https://kondred.com/notes/ez-tools Thu, 05 Mar 2026 00:00:00 GMT Eric Zimmerman's forensics tools cheatsheet https://kondred.com/htb/pirate https://kondred.com/htb/pirate Sun, 01 Mar 2026 00:00:00 GMT Active Directory exploitation through credential abuse, authentication relay, and delegation misconfigurations for full domain compromise. https://kondred.com/htb/cobblestone https://kondred.com/htb/cobblestone Thu, 26 Feb 2026 00:00:00 GMT Multi-stage web exploitation chain leading to root through internal service abuse. https://kondred.com/htb/nanocorp https://kondred.com/htb/nanocorp Wed, 25 Feb 2026 00:00:00 GMT Credential capture for initial access, lateral movement through Active Directory misconfigurations, and local privilege escalation to SYSTEM. https://kondred.com/htb/guardian https://kondred.com/htb/guardian Tue, 24 Feb 2026 00:00:00 GMT HTB Writeup for Guardian https://kondred.com/htb/gavel https://kondred.com/htb/gavel Sun, 22 Feb 2026 00:00:00 GMT PHP web application with a subtle injection vector, code execution through admin functionality, and sandbox escape for root. https://kondred.com/htb/interpreter https://kondred.com/htb/interpreter Sun, 22 Feb 2026 00:00:00 GMT Known CVE for initial access and privilege escalation through unsafe input handling in a root-level service. https://kondred.com/blog/ocf26 https://kondred.com/blog/ocf26 Sun, 22 Feb 2026 00:00:00 GMT What does an Attack & Defense CTF exercise look like from the inside? I invite you to read the report from Operation Cyber Flag '26. https://kondred.com/notes/bruteforce https://kondred.com/notes/bruteforce Mon, 16 Feb 2026 00:00:00 GMT Various command for bruteforcing different services https://kondred.com/notes/filetransfers https://kondred.com/notes/filetransfers Mon, 16 Feb 2026 00:00:00 GMT Various commands for file transfer https://kondred.com/notes/volatility https://kondred.com/notes/volatility Mon, 16 Feb 2026 00:00:00 GMT Volatility cheatsheet https://kondred.com/notes/web-fuzzing https://kondred.com/notes/web-fuzzing Mon, 16 Feb 2026 00:00:00 GMT Various command for web fuzzing https://kondred.com/htb/wingdata https://kondred.com/htb/wingdata Sun, 15 Feb 2026 00:00:00 GMT Known CVE for initial access, password cracking, and privilege escalation through a Python extraction bypass. https://kondred.com/notes/stabilizing-shell https://kondred.com/notes/stabilizing-shell Sun, 15 Feb 2026 00:00:00 GMT Stabilizing shell https://kondred.com/notes/tunneling https://kondred.com/notes/tunneling Sat, 14 Feb 2026 00:00:00 GMT Methods for tunneling network traffic https://kondred.com/htb/browsed https://kondred.com/htb/browsed Sat, 29 Nov 2025 00:00:00 GMT Web application exploitation through browser extension abuse and creative privilege escalation via Python internals.