Preparing for the OSCP can be overwhelming, I totally get it. There are moments where self-doubt creeps in, especially when things don’t go as planned in exam. In this post, I’ll share some tips that helped me push through and pass the exam. Why You Shouldn’t Doubt Yourself While Giving OSCP The OSCP exam is as much a mental battle as it is a technical one. If you’ve ever doubted yourself during this journey, I’ve been there too and this post is for you. I’ll walk you through how I went from completely underprepared to finally cracking the exam after a focused sprint. Maybe this will help you see that it’s never too late to shift gears and get it done. ...

In this post, I’ll demonstrate how a Server-Side Request Forgery (SSRF) vulnerability can be exploited to access the EC2 instance metadata service, allowing an attacker to retrieve IAM role credentials and potentially escalate privileges within the AWS environment. Privilege Escalation via SSRF on EC2 Introduction This scenario demonstrates a misconfigured AWS environment where an attacker can pivot through multiple services—starting from a limited IAM user and ultimately gaining high-privileged access by exploiting a Server-Side Request Forgery (SSRF) vulnerability in an EC2-hosted web application. ...

In this post, I’ll cover how multiple policy versions with overly permissive configuration for an older version leads to privilege escalation in AWS. Privilege Escalation via Rollback Introduction A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. AWS IAM policies define permissions for an action regardless of the method that you use to perform the operation. ...

A SOCKS5 proxy routes network traffic through a third-party server, masking your IP and enabling more flexible traffic tunneling. In pentesting, it’s commonly used to pivot through compromised hosts or anonymize scanning activities. ...