#linux
3 posts
// defense
Fixing Copy Fail without Reboot
A guest walkthrough of mitigating CVE-2026-31431 (Copy Fail) on RHEL 8 using Cloudflare's BPF-LSM approach — no reboot required after initial setup.
May 9, 2026 12 min read
// offense SQL Injection by Default in Grafana (HTB — Jupiter)
A walkthrough of HackTheBox Jupiter, demonstrating how Grafana's raw SQL passthrough to PostgreSQL can be exploited for remote code execution and full system compromise.
Oct 25, 2023 10 min read
// offense HackTheBox WriteUp — Ghoul
A walkthrough of one of HackTheBox's hardest machines — Ghoul. Zip slip exploitation, multi-host pivoting across Docker containers, Gogs privilege escalation, git history mining, and SSH session hijacking to reach root.
May 14, 2023 6 min read