David Aguiar (tomato)

CCTV, an easy Linux machine that exposes a real-world camera management stack where default credentials open the door and a misconfigured service hands you root.

Pirate, a hard level Windows machine that throws you into a multi-segment Active Directory environment where every step forward requires digging deeper into how Windows authentication actually works and how to break it.

Interpreter, a medium level Linux machine where you exploit a known Mirth Connect RCE, crack hashes and abuse a SSTI vulnerability to reach root.

How I turned an old notebook into a home media server running Plex, qBittorrent and the full arr stack. Less of a tutorial, more of a documented mess that actually works.

Planning, an easy level Linux machine exploiting a Grafana RCE CVE, escaping Docker via leaked SSH creds, and abusing a cron web panel to execute commands as root.

Scepter, a hard level Windows machine where two chained ADCS misconfigurations are the heart of the box, with some certificate cracking and BloodHound enumeration to set the stage.

Environment, a medium level Linux machine chaining a Laravel auth bypass CVE, a file upload filter bypass for RCE, and a BASH_ENV sudo misconfiguration to reach root.

Personal notes on how LLMs actually work under the hood — transformers, neurons, weights, biases, training vs inference, and everything in between.

How Discord’s DLL search order can be abused to load attacker-controlled code. Covers DLL basics, cross-compiling from Linux with mingw64, procmon analysis, and dropping a rogue d3d12.dll.

Breaking down the Heaven’s Gate technique: WoW64 internals, how Windows handles 32-bit processes on 64-bit systems, and what actually happens at that far jump switching code segments — with live debugging in x32dbg and WinDbg.