Greg D. - Payload Forge

Beyond CRTO: pwnlift

22 Jun 2026 17 min read cve

TL;DR While working through CRTO, I found pwnlift exposed through passwordless sudo on the team server VM. The upload handler permitted arbitrary file write as root via symlink traversal, and the first

CRTO: Lifetime access to a course that doesn't exist any more

13 May 2026 8 min read red-team

I bought Red Team Ops on 30 July 2020, order #00531, £649 plus VAT. Canvas LMS access, shared VPN labs, both Covenant and Cobalt Strike taught as C2 options. The Cobalt Strike trial

Why Infra Pentests Suck

14 Apr 2026 19 min read cve

Let's call him Marco. We were both at the same consultancy, a few years into pentesting, stuck on site together at a client. I was mid-level, still figuring shit out

I Asked Two AIs to Help Me Set Up a Test Environment. Here's What Actually Happened.

19 Feb 2026 12 min read cve