bksp_

enumerate. prove. document.

// FEATURED

claude-devkit: Repeatable Workflows for AI Coding Agents

AI coding agents are powerful but unstructured. claude-devkit gives them versioned, validated, multi-step workflows that turn ad hoc prompting into repeatable engineering.

Mar 9, 2026 • 7 min read Read more

// LATEST

// build

claude-devkit: Repeatable Workflows for AI Coding Agents

AI coding agents are powerful but unstructured. claude-devkit gives them versioned, validated, multi-step workflows that turn ad hoc prompting into repeatable engineering.

Mar 9, 2026 7 min read

// offense

SQL Injection by Default in Grafana (HTB — Jupiter)

A walkthrough of HackTheBox Jupiter, demonstrating how Grafana's raw SQL passthrough to PostgreSQL can be exploited for remote code execution and full system compromise.

Oct 25, 2023 10 min read

// offense

Abusing Common Windows Misconfigurations (HackTheBox — Active)

A walkthrough of HackTheBox Active covering anonymous SMB access, Group Policy Preferences exploitation, and Kerberoasting to achieve domain admin on a Windows Server 2008 R2 domain controller.

Jun 3, 2023 5 min read

// offense

HackTheBox WriteUp — Ghoul

A walkthrough of one of HackTheBox's hardest machines — Ghoul. Zip slip exploitation, multi-host pivoting across Docker containers, Gogs privilege escalation, git history mining, and SSH session hijacking to reach root.

May 14, 2023 6 min read